Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Seacms
(Seacms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 71 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-06-17 | CVE-2024-40570 | SQL Injection vulnerability in SeaCMS v.12.9 allows a remote attacker to obtain sensitive information via the admin_datarelate.php component. | Seacms | N/A | ||
| 2025-05-05 | CVE-2025-4256 | A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | Seacms | 5.4 | ||
| 2025-05-06 | CVE-2025-44073 | SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php. | Seacms | N/A | ||
| 2025-05-05 | CVE-2025-44071 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerability allows attackers to execute arbitrary code via a crafted request. | Seacms | 9.8 | ||
| 2025-05-05 | CVE-2025-44072 | SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php. | Seacms | 9.8 | ||
| 2025-05-05 | CVE-2025-44074 | SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php. | Seacms | 9.8 | ||
| 2022-11-16 | CVE-2022-43256 | SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php. | Seacms | 9.8 | ||
| 2024-07-05 | CVE-2024-39027 | SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the SQL injection through the cid parameter at /js/player/dmplayer/dmku/index.php?ac=edit, which can cause sensitive database information to be leaked. | Seacms | 7.5 | ||
| 2024-08-30 | CVE-2024-44683 | Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php. | Seacms | 6.1 | ||
| 2024-07-12 | CVE-2024-40522 | There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions. | Seacms | 8.8 |