Seacms

seacms

114 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Seacms

seacms

114 CVEs

CVEs (114)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-37125 1Seacms 1Seacms Nov 21, 2024 Jul 6, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-37124 1Seacms 1Seacms Nov 21, 2024 Jul 6, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-2926 1Seacms 1Seacms Nov 21, 2024 May 27, 2023 N/A· v4 6.5 MEDIUM· v3 5.5 MEDIUM· v2 A vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown processing of the file member.php of the component Picture Upload Handler. The manipulation of the argument oldpic l...Show more A vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown processing of the file member.php of the component Picture Upload Handler. The manipulation of the argument oldpic leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230081 was assigned to this vulnerability.Show less
CVE-2023-0960 1Seacms 1Seacms Nov 21, 2024 Feb 22, 2023 N/A· v4 9.8 CRITICAL· v3 5.8 MEDIUM· v2 A vulnerability was found in SeaCMS 11.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/config.ftp.php of the component Picture Management. The manipulation leads to...Show more A vulnerability was found in SeaCMS 11.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/config.ftp.php of the component Picture Management. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-221630 is the identifier assigned to this vulnerability.Show less
CVE-2022-48093 1Seacms 1Seacms Mar 27, 2025 Feb 1, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Seacms v12.7 was discovered to contain a remote code execution (RCE) vulnerability via the ip parameter at admin_ ip.php.
CVE-2021-39426 1Seacms 1Seacms Apr 21, 2025 Dec 15, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 parameter when the action parameter equals set.
CVE-2022-43256 1Seacms 1Seacms Apr 30, 2025 Nov 16, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php.
CVE-2022-28076 1Seacms 1Seacms Nov 21, 2024 May 4, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings.
CVE-2022-27336 1Seacms 1Seacms Nov 21, 2024 Apr 27, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php.
CVE-2022-23878 1Seacms 1Seacms Nov 21, 2024 Mar 2, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php.
CVE-2021-37358 1Seacms 1Seacms Nov 21, 2024 Aug 18, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "admin_ajax.php?action=checkrepeat&v_name=".
CVE-2021-29313 1Seacms 1Seacms Nov 21, 2024 Aug 17, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php,
CVE-2020-28846 1Seacms 1Seacms Nov 21, 2024 Aug 17, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account.
CVE-2020-26642 1Seacms 1Seacms Nov 21, 2024 May 28, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML.
CVE-2020-21378 1Seacms 1Seacms Nov 21, 2024 Dec 21, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php.
CVE-2019-8418 1Seacms 1Seacms Nov 21, 2024 Feb 17, 2019 N/A· v4 8.8 HIGH· v3 4.0 MEDIUM· v2 SeaCMS 7.2 mishandles member.php?mod=repsw4 requests.
CVE-2018-19350 1Seacms 1Seacms Nov 21, 2024 Nov 17, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
CVE-2018-19349 1Seacms 1Seacms Nov 21, 2024 Nov 17, 2018 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.
CVE-2018-17365 1Seacms 1Seacms Nov 21, 2024 Sep 26, 2018 N/A· v4 7.5 HIGH· v3 6.4 MEDIUM· v2 SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter.
CVE-2018-17321 1Seacms 1Seacms Nov 21, 2024 Sep 22, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action.

Previous 1 2 3 456 Next