Seacms

seacms

Vendor: Seacms • 114 CVEs

CVEs (114)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-40518 1Seacms 1Seacms Nov 21, 2024 Jul 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated a...Show more SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.Show less
CVE-2024-39028 1Seacms 1Seacms Nov 21, 2024 Jul 5, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php.
CVE-2024-39027 1Seacms 1Seacms Mar 20, 2025 Jul 5, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the SQL injection through the cid parameter at /js/player/dmplayer/dmku/index.php?ac=edit, which can cause sensitive database i...Show more SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the SQL injection through the cid parameter at /js/player/dmplayer/dmku/index.php?ac=edit, which can cause sensitive database information to be leaked.Show less
CVE-2024-6416 1Seacms 1Seacms Apr 5, 2025 Jun 30, 2024 5.3 MEDIUM· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability was found in SeaCMS 12.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /js/player/dmplayer/dmku/?ac=edit. The manipulation of the argument cid w...Show more A vulnerability was found in SeaCMS 12.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /js/player/dmplayer/dmku/?ac=edit. The manipulation of the argument cid with the input (select(0)from(select(sleep(10)))v) leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270007.Show less
CVE-2024-31611 1Seacms 1Seacms Mar 13, 2025 Jun 10, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.
CVE-2024-30565 1Seacms 1Seacms Mar 28, 2025 Apr 4, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code via admin notify.php.
CVE-2024-29275 1Seacms 1Seacms Mar 28, 2025 Mar 22, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php.
CVE-2023-50470 1Seacms 1Seacms Nov 21, 2024 Dec 28, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-46987 1Seacms 1Seacms Nov 21, 2024 Dec 28, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php.
CVE-2023-46010 1Seacms 1Seacms Nov 21, 2024 Oct 25, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.
CVE-2023-44848 1Seacms 1Seacms Nov 21, 2024 Oct 10, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component.
CVE-2023-44847 1Seacms 1Seacms Nov 21, 2024 Oct 10, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component.
CVE-2023-44846 1Seacms 1Seacms Nov 21, 2024 Oct 10, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component.
CVE-2023-44172 1Seacms 1Seacms Nov 21, 2024 Sep 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php.
CVE-2023-44171 1Seacms 1Seacms Nov 21, 2024 Sep 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php.
CVE-2023-44170 1Seacms 1Seacms Nov 21, 2024 Sep 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php.
CVE-2023-44169 1Seacms 1Seacms Nov 21, 2024 Sep 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php.
CVE-2023-43222 1Seacms 1Seacms Nov 21, 2024 Sep 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file.
CVE-2023-43216 1Seacms 1Seacms Nov 21, 2024 Sep 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php.
CVE-2023-43278 1Seacms 1Seacms Nov 21, 2024 Sep 25, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.

Previous 1 2 345 6 Next