Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Seacms
(Seacms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 75 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-07-19 | CVE-2018-14421 | SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF. | Seacms | 8.8 | ||
| 2018-07-08 | CVE-2018-13445 | An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?action=add. | Seacms | 8.8 | ||
| 2018-07-08 | CVE-2018-13444 | An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/admin_manager.php?action=save&id=2. | Seacms | 8.8 | ||
| 2018-06-14 | CVE-2018-12431 | SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page). | Seacms | 4.8 | ||
| 2018-05-31 | CVE-2018-11583 | SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter. | Seacms | 6.1 |