Product:

Seacms

(Seacms)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 72
Date Id Summary Products Score Patch Annotated
2025-02-24 CVE-2025-25513 Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php. Seacms 9.8
2024-06-10 CVE-2024-31611 SeaCMS 12.9 has a file deletion vulnerability via admin_template.php. Seacms 9.1
2024-07-12 CVE-2024-40521 SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. Seacms 8.8
2020-12-21 CVE-2020-21378 SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php. Seacms 9.8
2021-05-28 CVE-2020-26642 A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML. Seacms 6.1
2021-08-17 CVE-2020-28846 Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account. Seacms 6.5
2021-08-17 CVE-2021-29313 Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php, Seacms 6.1
2021-08-18 CVE-2021-37358 SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "admin_ajax.php?action=checkrepeat&v_name=". Seacms 9.8
2022-03-02 CVE-2022-23878 seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php. Seacms 9.8
2022-04-27 CVE-2022-27336 Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php. Seacms 9.8