Seacms

seacms

Vendor: Seacms • 114 CVEs

CVEs (114)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-36932 1Seacms 1Seacms Feb 2, 2026 Jan 25, 2026 5.1 MEDIUM· v4 6.1 MEDIUM· v3 N/A· v2 SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the pag...Show more SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded.Show less
CVE-2025-15003 1Seacms 1Seacms Apr 29, 2026 Dec 22, 2025 2.0 LOW· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file admin_video.php. Performing a manipulation of the argument e_id results in sql injection. The attack is possible to...Show more A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file admin_video.php. Performing a manipulation of the argument e_id results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.Show less
CVE-2025-15002 1Seacms 1Seacms Apr 29, 2026 Dec 21, 2025 5.5 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injec...Show more A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-60449 1Seacms 1Seacms Oct 8, 2025 Oct 3, 2025 N/A· v4 4.9 MEDIUM· v3 N/A· v2 An information disclosure vulnerability has been discovered in SeaCMS 13.1. The vulnerability exists in the admin_safe.php component located in the /btcoan/ directory. This security flaw allows authenticated administrato...Show more An information disclosure vulnerability has been discovered in SeaCMS 13.1. The vulnerability exists in the admin_safe.php component located in the /btcoan/ directory. This security flaw allows authenticated administrators to scan and download not only the application’s source code but also potentially any file accessible on the server’s root directory.Show less
CVE-2025-11071 1Seacms 1Seacms Apr 29, 2026 Sep 27, 2025 2.0 LOW· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A security vulnerability has been detected in SeaCMS 13.3.20250820. Impacted is an unknown function of the file /admin_cron.php of the component Cron Task Management Module. The manipulation of the argument resourcefrom/...Show more A security vulnerability has been detected in SeaCMS 13.3.20250820. Impacted is an unknown function of the file /admin_cron.php of the component Cron Task Management Module. The manipulation of the argument resourcefrom/collectID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.Show less
CVE-2025-10662 1Seacms 1Seacms Apr 29, 2026 Sep 18, 2025 2.0 LOW· v4 9.8 CRITICAL· v3 5.8 MEDIUM· v2 A vulnerability has been found in SeaCMS up to 13.3. The impacted element is an unknown function of the file /admin_members.php?ac=editsave. Such manipulation of the argument ID leads to sql injection. The attack can be...Show more A vulnerability has been found in SeaCMS up to 13.3. The impacted element is an unknown function of the file /admin_members.php?ac=editsave. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This affects another injection point than CVE-2025-25513.Show less
CVE-2025-50592 1Seacms 1Seacms Aug 15, 2025 Aug 5, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/dmplayer/player.
CVE-2025-6864 1Seacms 1Seacms Apr 29, 2026 Jun 29, 2025 2.1 LOW· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admin_type.php. The manipulation leads to cross-site request fo...Show more A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admin_type.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-40570 1Seacms 1Seacms Jun 23, 2025 Jun 17, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 SQL Injection vulnerability in SeaCMS v.12.9 allows a remote attacker to obtain sensitive information via the admin_datarelate.php component.
CVE-2025-44073 1Seacms 1Seacms Jun 12, 2025 May 6, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php.
CVE-2025-44074 1Seacms 1Seacms May 13, 2025 May 5, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php.
CVE-2025-44072 1Seacms 1Seacms May 13, 2025 May 5, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php.
CVE-2025-44071 1Seacms 1Seacms May 13, 2025 May 5, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerability allows attackers to execute arbitrary code via a crafted request.
CVE-2025-4257 1Seacms 1Seacms Oct 6, 2025 May 5, 2025 5.1 MEDIUM· v4 6.1 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2. This issue affects some unknown processing of the file /admin_pay.php. The manipulation of the argument cstatus leads to cross site scr...Show more A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2. This issue affects some unknown processing of the file /admin_pay.php. The manipulation of the argument cstatus leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-4256 1Seacms 1Seacms Jun 12, 2025 May 5, 2025 5.1 MEDIUM· v4 5.4 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attac...Show more A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-3797 1Seacms 1Seacms Jul 15, 2025 Apr 19, 2025 5.1 MEDIUM· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability classified as critical was found in SeaCMS up to 13.3. This vulnerability affects unknown code of the file /admin_topic.php?action=delall. The manipulation of the argument e_id leads to sql injection. The...Show more A vulnerability classified as critical was found in SeaCMS up to 13.3. This vulnerability affects unknown code of the file /admin_topic.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-3792 1Seacms 1Seacms Jul 15, 2025 Apr 18, 2025 5.1 MEDIUM· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability, which was classified as critical, has been found in SeaCMS up to 13.3. This issue affects some unknown processing of the file /admin_link.php?action=delall. The manipulation of the argument e_id leads to...Show more A vulnerability, which was classified as critical, has been found in SeaCMS up to 13.3. This issue affects some unknown processing of the file /admin_link.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-29647 1Seacms 1Seacms Apr 8, 2025 Apr 3, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php.
CVE-2025-25813 1Seacms 1Seacms Mar 28, 2025 Feb 26, 2025 N/A· v4 5.1 MEDIUM· v3 N/A· v2 SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php.
CVE-2025-25802 1Seacms 1Seacms Mar 28, 2025 Feb 26, 2025 N/A· v4 5.1 MEDIUM· v3 N/A· v2 SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php.

12 3 4 5 6 Next