ReportizFlow
Filtered by vendor Seacms
Subscriptions
Filtered by product Seacms
Subscriptions
Total
97 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29647 | 1 Seacms | 1 Seacms | 2025-04-08 | 9.8 Critical |
| SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php. | ||||
| CVE-2024-6416 | 1 Seacms | 1 Seacms | 2025-04-05 | 6.3 Medium |
| A vulnerability was found in SeaCMS 12.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /js/player/dmplayer/dmku/?ac=edit. The manipulation of the argument cid with the input (select(0)from(select(sleep(10)))v) leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270007. | ||||
| CVE-2024-42599 | 1 Seacms | 1 Seacms | 2025-03-28 | 8.8 High |
| SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. | ||||
| CVE-2024-44916 | 1 Seacms | 1 Seacms | 2025-03-28 | 7.2 High |
| Vulnerability in admin_ip.php in Seacms v13.1, when action=set, allows attackers to control IP parameters that are written to the data/admin/ip.php file and could result in arbitrary command execution. | ||||
| CVE-2024-44918 | 1 Seacms | 1 Seacms | 2025-03-28 | 3.5 Low |
| A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-44720 | 1 Seacms | 1 Seacms | 2025-03-28 | 7.5 High |
| SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component admin_safe.php. | ||||
| CVE-2024-44721 | 1 Seacms | 1 Seacms | 2025-03-28 | 9.8 Critical |
| SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php. | ||||
| CVE-2024-46640 | 1 Seacms | 1 Seacms | 2025-03-28 | 9.8 Critical |
| SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although the system has a check function, the check function is not executed during execution, allowing remote code execution by writing to the file through the MySQL slow query method. | ||||
| CVE-2024-50808 | 1 Seacms | 1 Seacms | 2025-03-28 | 8.8 High |
| SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the "notify" variable in admin_notify.php. | ||||
| CVE-2024-54879 | 1 Seacms | 1 Seacms | 2025-03-28 | 9.1 Critical |
| SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely. | ||||
| CVE-2024-54880 | 1 Seacms | 1 Seacms | 2025-03-28 | 9.1 Critical |
| SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to register accounts in bulk. | ||||
| CVE-2025-25514 | 1 Seacms | 1 Seacms | 2025-03-28 | 6.5 Medium |
| Seacms <=13.3 is vulnerable to SQL Injection in admin_collect_news.php. | ||||
| CVE-2025-25515 | 1 Seacms | 1 Seacms | 2025-03-28 | 8.8 High |
| Seacms <=13.3 is vulnerable to SQL Injection in admin_collect.php that allows an authenticated attacker to exploit the database. | ||||
| CVE-2025-25516 | 1 Seacms | 1 Seacms | 2025-03-28 | 9.8 Critical |
| Seacms <=13.3 is vulnerable to SQL Injection in admin_paylog.php. | ||||
| CVE-2025-25517 | 1 Seacms | 1 Seacms | 2025-03-28 | 9.8 Critical |
| Seacms <=13.3 is vulnerable to SQL Injection in admin_reslib.php. | ||||
| CVE-2025-25519 | 1 Seacms | 1 Seacms | 2025-03-28 | 9.8 Critical |
| Seacms <=13.3 is vulnerable to SQL Injection in admin_zyk.php. | ||||
| CVE-2025-25520 | 1 Seacms | 1 Seacms | 2025-03-28 | 9.8 Critical |
| Seacms <13.3 is vulnerable to SQL Injection in admin_pay.php. | ||||
| CVE-2025-25521 | 1 Seacms | 1 Seacms | 2025-03-28 | 9.8 Critical |
| Seacms <=13.3 is vulnerable to SQL Injection in admin_type_news.php. | ||||
| CVE-2025-25792 | 1 Seacms | 1 Seacms | 2025-03-28 | 4.4 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php. | ||||
| CVE-2025-25793 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.1 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php. | ||||