Seacms

seacms

114 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Seacms

seacms

114 CVEs

CVEs (114)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-25800 1Seacms 1Seacms Mar 28, 2025 Feb 26, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe_file.php.
CVE-2025-25799 1Seacms 1Seacms Mar 28, 2025 Feb 26, 2025 N/A· v4 6.0 MEDIUM· v3 N/A· v2 SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php.
CVE-2025-25797 1Seacms 1Seacms Mar 28, 2025 Feb 26, 2025 N/A· v4 5.1 MEDIUM· v3 N/A· v2 SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php.
CVE-2025-25796 1Seacms 1Seacms Mar 28, 2025 Feb 26, 2025 N/A· v4 5.1 MEDIUM· v3 N/A· v2 SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php.
CVE-2025-25794 1Seacms 1Seacms Mar 28, 2025 Feb 26, 2025 N/A· v4 5.1 MEDIUM· v3 N/A· v2 SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php.
CVE-2025-25793 1Seacms 1Seacms Mar 28, 2025 Feb 26, 2025 N/A· v4 5.1 MEDIUM· v3 N/A· v2 SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php.
CVE-2025-25792 1Seacms 1Seacms Mar 28, 2025 Feb 26, 2025 N/A· v4 4.4 MEDIUM· v3 N/A· v2 SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php.
CVE-2025-25521 1Seacms 1Seacms Mar 28, 2025 Feb 25, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Seacms <=13.3 is vulnerable to SQL Injection in admin_type_news.php.
CVE-2025-25520 1Seacms 1Seacms Mar 28, 2025 Feb 25, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Seacms <13.3 is vulnerable to SQL Injection in admin_pay.php.
CVE-2025-25519 1Seacms 1Seacms Mar 28, 2025 Feb 25, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Seacms <=13.3 is vulnerable to SQL Injection in admin_zyk.php.
CVE-2025-25517 1Seacms 1Seacms Mar 28, 2025 Feb 25, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Seacms <=13.3 is vulnerable to SQL Injection in admin_reslib.php.
CVE-2025-25516 1Seacms 1Seacms Mar 28, 2025 Feb 25, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Seacms <=13.3 is vulnerable to SQL Injection in admin_paylog.php.
CVE-2025-25515 1Seacms 1Seacms Mar 28, 2025 Feb 25, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Seacms <=13.3 is vulnerable to SQL Injection in admin_collect.php that allows an authenticated attacker to exploit the database.
CVE-2025-25514 1Seacms 1Seacms Mar 28, 2025 Feb 25, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Seacms <=13.3 is vulnerable to SQL Injection in admin_collect_news.php.
CVE-2025-22974 1Seacms 1Seacms Mar 25, 2025 Feb 24, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component.
CVE-2025-25513 1Seacms 1Seacms Mar 14, 2025 Feb 24, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.
CVE-2024-54880 1Seacms 1Seacms Mar 28, 2025 Jan 6, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to register accounts in bulk.
CVE-2024-54879 1Seacms 1Seacms Mar 28, 2025 Jan 6, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.
CVE-2024-55461 1Seacms 1Seacms Mar 28, 2025 Dec 18, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext().
CVE-2024-50808 1Seacms 1Seacms Mar 28, 2025 Nov 8, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the "notify" variable in admin_notify.php.

Previous 123 4 5 6 Next