Seacms
by Seacms
CVEs (116)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-40520 | 0.00 | — | 0.01 | Jul 12, 2024 | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the… | |||
| CVE-2024-39027 | 0.00 | — | 0.00 | Jul 5, 2024 | SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the SQL injection through the cid parameter at /js/player/dmplayer/dmku/index.php?ac=edit, which can cause sensitive database information to be leaked. | |||
| CVE-2024-39028 | 0.00 | — | 0.01 | Jul 5, 2024 | An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php. | |||
| CVE-2024-6416 | 0.00 | — | 0.01 | Jun 30, 2024 | A vulnerability was found in SeaCMS 12.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /js/player/dmplayer/dmku/?ac=edit. The manipulation of the argument cid with the input (select(0)from(select(sleep(10)))v) leads to… | |||
| CVE-2024-31611 | 0.00 | — | 0.01 | Jun 10, 2024 | SeaCMS 12.9 has a file deletion vulnerability via admin_template.php. | |||
| CVE-2024-30565 | 0.00 | — | 0.02 | Apr 4, 2024 | An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code via admin notify.php. | |||
| CVE-2023-50470 | 0.00 | — | 0.00 | Dec 28, 2023 | A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||
| CVE-2023-46987 | 0.00 | — | 0.02 | Dec 28, 2023 | SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php. | |||
| CVE-2023-46010 | 0.00 | — | 0.01 | Oct 24, 2023 | An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. | |||
| CVE-2023-44847 | 0.00 | — | 0.01 | Oct 10, 2023 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component. | |||
| CVE-2023-44848 | 0.00 | — | 0.01 | Oct 10, 2023 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component. | |||
| CVE-2023-44846 | 0.00 | — | 0.01 | Oct 10, 2023 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component. | |||
| CVE-2023-43222 | 0.00 | — | 0.01 | Sep 26, 2023 | SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. | |||
| CVE-2023-44171 | 0.00 | — | 0.01 | Sep 26, 2023 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php. | |||
| CVE-2023-44169 | 0.00 | — | 0.01 | Sep 26, 2023 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php. | |||
| CVE-2023-44170 | 0.00 | — | 0.01 | Sep 26, 2023 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php. | |||
| CVE-2023-44172 | 0.00 | — | 0.01 | Sep 26, 2023 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php. | |||
| CVE-2023-43216 | 0.00 | — | 0.01 | Sep 26, 2023 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php. | |||
| CVE-2023-43278 | 0.00 | — | 0.00 | Sep 25, 2023 | A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account. | |||
| CVE-2023-37125 | 0.00 | — | 0.00 | Jul 6, 2023 | A stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
- CVE-2024-40520Jul 12, 2024risk 0.00cvss —epss 0.01
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the…
- CVE-2024-39027Jul 5, 2024risk 0.00cvss —epss 0.00
SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the SQL injection through the cid parameter at /js/player/dmplayer/dmku/index.php?ac=edit, which can cause sensitive database information to be leaked.
- CVE-2024-39028Jul 5, 2024risk 0.00cvss —epss 0.01
An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php.
- CVE-2024-6416Jun 30, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in SeaCMS 12.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /js/player/dmplayer/dmku/?ac=edit. The manipulation of the argument cid with the input (select(0)from(select(sleep(10)))v) leads to…
- CVE-2024-31611Jun 10, 2024risk 0.00cvss —epss 0.01
SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.
- CVE-2024-30565Apr 4, 2024risk 0.00cvss —epss 0.02
An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code via admin notify.php.
- CVE-2023-50470Dec 28, 2023risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
- CVE-2023-46987Dec 28, 2023risk 0.00cvss —epss 0.02
SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php.
- CVE-2023-46010Oct 24, 2023risk 0.00cvss —epss 0.01
An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.
- CVE-2023-44847Oct 10, 2023risk 0.00cvss —epss 0.01
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component.
- CVE-2023-44848Oct 10, 2023risk 0.00cvss —epss 0.01
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component.
- CVE-2023-44846Oct 10, 2023risk 0.00cvss —epss 0.01
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component.
- CVE-2023-43222Sep 26, 2023risk 0.00cvss —epss 0.01
SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file.
- CVE-2023-44171Sep 26, 2023risk 0.00cvss —epss 0.01
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php.
- CVE-2023-44169Sep 26, 2023risk 0.00cvss —epss 0.01
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php.
- CVE-2023-44170Sep 26, 2023risk 0.00cvss —epss 0.01
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php.
- CVE-2023-44172Sep 26, 2023risk 0.00cvss —epss 0.01
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php.
- CVE-2023-43216Sep 26, 2023risk 0.00cvss —epss 0.01
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php.
- CVE-2023-43278Sep 25, 2023risk 0.00cvss —epss 0.00
A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.
- CVE-2023-37125Jul 6, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Page 5 of 6