Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Seacms
(Seacms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 75 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-10-10 | CVE-2023-44848 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component. | Seacms | 8.1 | ||
| 2023-10-25 | CVE-2023-46010 | An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. | Seacms | 9.8 | ||
| 2023-12-28 | CVE-2023-46987 | SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php. | Seacms | 8.8 | ||
| 2023-12-28 | CVE-2023-50470 | A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | Seacms | 5.4 | ||
| 2024-07-05 | CVE-2024-39028 | An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php. | Seacms | 9.8 | ||
| 2024-07-12 | CVE-2024-40518 | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. | Seacms | 8.8 | ||
| 2024-07-12 | CVE-2024-40519 | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. | Seacms | 8.8 | ||
| 2024-07-12 | CVE-2024-40520 | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. | Seacms | 8.8 | ||
| 2024-07-16 | CVE-2024-39036 | SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php. | Seacms | 6.5 | ||
| 2024-07-28 | CVE-2024-7161 | A vulnerability classified as problematic was found in SeaCMS 13.0. Affected by this vulnerability is an unknown functionality of the file /member.php?action=chgpwdsubmit of the component Password Change Handler. The manipulation of the argument newpwd/newpwd2 leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272575. | Seacms | 6.5 |