VYPR

Seacms

by Seacms

CVEs (116)

  • CVE-2024-40520Jul 12, 2024
    risk 0.00cvss epss 0.01

    SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the…

  • CVE-2024-39027Jul 5, 2024
    risk 0.00cvss epss 0.00

    SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the SQL injection through the cid parameter at /js/player/dmplayer/dmku/index.php?ac=edit, which can cause sensitive database information to be leaked.

  • CVE-2024-39028Jul 5, 2024
    risk 0.00cvss epss 0.01

    An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php.

  • CVE-2024-6416Jun 30, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in SeaCMS 12.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /js/player/dmplayer/dmku/?ac=edit. The manipulation of the argument cid with the input (select(0)from(select(sleep(10)))v) leads to…

  • CVE-2024-31611Jun 10, 2024
    risk 0.00cvss epss 0.01

    SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.

  • CVE-2024-30565Apr 4, 2024
    risk 0.00cvss epss 0.02

    An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code via admin notify.php.

  • CVE-2023-50470Dec 28, 2023
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2023-46987Dec 28, 2023
    risk 0.00cvss epss 0.02

    SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php.

  • CVE-2023-46010Oct 24, 2023
    risk 0.00cvss epss 0.01

    An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.

  • CVE-2023-44847Oct 10, 2023
    risk 0.00cvss epss 0.01

    An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component.

  • CVE-2023-44848Oct 10, 2023
    risk 0.00cvss epss 0.01

    An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component.

  • CVE-2023-44846Oct 10, 2023
    risk 0.00cvss epss 0.01

    An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component.

  • CVE-2023-43222Sep 26, 2023
    risk 0.00cvss epss 0.01

    SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file.

  • CVE-2023-44171Sep 26, 2023
    risk 0.00cvss epss 0.01

    SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php.

  • CVE-2023-44169Sep 26, 2023
    risk 0.00cvss epss 0.01

    SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php.

  • CVE-2023-44170Sep 26, 2023
    risk 0.00cvss epss 0.01

    SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php.

  • CVE-2023-44172Sep 26, 2023
    risk 0.00cvss epss 0.01

    SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php.

  • CVE-2023-43216Sep 26, 2023
    risk 0.00cvss epss 0.01

    SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php.

  • CVE-2023-43278Sep 25, 2023
    risk 0.00cvss epss 0.00

    A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.

  • CVE-2023-37125Jul 6, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Page 5 of 6