Filtered by vendor Seacms
Subscriptions
Filtered by product Seacms
Subscriptions
Total
72 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-46640 | 1 Seacms | 1 Seacms | 2024-09-26 | 9.8 Critical |
SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although the system has a check function, the check function is not executed during execution, allowing remote code execution by writing to the file through the MySQL slow query method. | ||||
CVE-2024-44721 | 1 Seacms | 1 Seacms | 2024-09-09 | 9.8 Critical |
SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php. | ||||
CVE-2024-44720 | 1 Seacms | 1 Seacms | 2024-09-09 | 7.5 High |
SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component admin_safe.php. | ||||
CVE-2024-44919 | 1 Seacms | 1 Seacms | 2024-09-07 | 5.4 Medium |
A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad description parameter. | ||||
CVE-2024-41444 | 1 Seacms | 1 Seacms | 2024-09-05 | 9.8 Critical |
SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so. | ||||
CVE-2024-44683 | 1 Seacms | 1 Seacms | 2024-09-04 | 6.1 Medium |
Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php. | ||||
CVE-2024-44921 | 1 Seacms | 1 Seacms | 2024-09-04 | 9.8 Critical |
SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del. | ||||
CVE-2024-44920 | 1 Seacms | 1 Seacms | 2024-09-04 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter. | ||||
CVE-2024-44916 | 1 Seacms | 1 Seacms | 2024-09-03 | 7.2 High |
Vulnerability in admin_ip.php in Seacms v13.1, when action=set, allows attackers to control IP parameters that are written to the data/admin/ip.php file and could result in arbitrary command execution. | ||||
CVE-2024-44918 | 1 Seacms | 1 Seacms | 2024-09-03 | 3.5 Low |
A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
CVE-2024-42599 | 1 Seacms | 1 Seacms | 2024-08-26 | 8.8 High |
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. | ||||
CVE-2024-42598 | 1 Seacms | 1 Seacms | 2024-08-22 | 6.7 Medium |
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. |