Vendor CVEs
Seacms
All CVEs
116 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-37124 | 0.00 | — | 0.00 | Jul 6, 2023 | A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||
| CVE-2023-2926 | 0.00 | — | 0.01 | May 27, 2023 | A vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown processing of the file member.php of the component Picture Upload Handler. The manipulation of the argument oldpic leads to denial of service. The attack may be initiated… | |||
| CVE-2023-0960 | 0.00 | — | 0.01 | Feb 22, 2023 | A vulnerability was found in SeaCMS 11.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/config.ftp.php of the component Picture Management. The manipulation leads to deserialization. The attack may be launched remotely. The… | |||
| CVE-2022-48093 | 0.00 | — | 0.01 | Feb 1, 2023 | Seacms v12.7 was discovered to contain a remote code execution (RCE) vulnerability via the ip parameter at admin_ ip.php. | |||
| CVE-2021-39426 | 0.00 | — | 0.01 | Dec 15, 2022 | An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 parameter when the action parameter equals set. | |||
| CVE-2022-43256 | 0.00 | — | 0.01 | Nov 16, 2022 | SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php. | |||
| CVE-2022-28076 | 0.00 | — | 0.02 | May 4, 2022 | Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings. | |||
| CVE-2022-27336 | 0.00 | — | 0.20 | Apr 27, 2022 | Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php. | |||
| CVE-2022-23878 | 0.00 | — | 0.02 | Mar 2, 2022 | seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php. | |||
| CVE-2021-37358 | 0.00 | — | 0.02 | Aug 18, 2021 | SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "admin_ajax.php?action=checkrepeat&v_name=". | |||
| CVE-2021-29313 | 0.00 | — | 0.01 | Aug 17, 2021 | Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php, | |||
| CVE-2020-28846 | 0.00 | — | 0.00 | Aug 17, 2021 | Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account. | |||
| CVE-2020-26642 | 0.00 | — | 0.01 | May 28, 2021 | A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML. | |||
| CVE-2019-8418 | 0.00 | — | 0.01 | Feb 17, 2019 | SeaCMS 7.2 mishandles member.php?mod=repsw4 requests. | |||
| CVE-2018-19350 | 0.00 | — | 0.01 | Nov 17, 2018 | In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element. | |||
| CVE-2018-19349 | 0.00 | — | 0.01 | Nov 17, 2018 | In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php. |
- CVE-2023-37124Jul 6, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
- CVE-2023-2926May 27, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown processing of the file member.php of the component Picture Upload Handler. The manipulation of the argument oldpic leads to denial of service. The attack may be initiated…
- CVE-2023-0960Feb 22, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in SeaCMS 11.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/config.ftp.php of the component Picture Management. The manipulation leads to deserialization. The attack may be launched remotely. The…
- CVE-2022-48093Feb 1, 2023risk 0.00cvss —epss 0.01
Seacms v12.7 was discovered to contain a remote code execution (RCE) vulnerability via the ip parameter at admin_ ip.php.
- CVE-2021-39426Dec 15, 2022risk 0.00cvss —epss 0.01
An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 parameter when the action parameter equals set.
- CVE-2022-43256Nov 16, 2022risk 0.00cvss —epss 0.01
SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php.
- CVE-2022-28076May 4, 2022risk 0.00cvss —epss 0.02
Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings.
- CVE-2022-27336Apr 27, 2022risk 0.00cvss —epss 0.20
Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php.
- CVE-2022-23878Mar 2, 2022risk 0.00cvss —epss 0.02
seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php.
- CVE-2021-37358Aug 18, 2021risk 0.00cvss —epss 0.02
SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "admin_ajax.php?action=checkrepeat&v_name=".
- CVE-2021-29313Aug 17, 2021risk 0.00cvss —epss 0.01
Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php,
- CVE-2020-28846Aug 17, 2021risk 0.00cvss —epss 0.00
Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account.
- CVE-2020-26642May 28, 2021risk 0.00cvss —epss 0.01
A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML.
- CVE-2019-8418Feb 17, 2019risk 0.00cvss —epss 0.01
SeaCMS 7.2 mishandles member.php?mod=repsw4 requests.
- CVE-2018-19350Nov 17, 2018risk 0.00cvss —epss 0.01
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
- CVE-2018-19349Nov 17, 2018risk 0.00cvss —epss 0.01
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.
Page 3 of 3