EUVD-2018-8194

Malware in sbrugna...

CVE-2018-11583

SeaCMS 6.61 has stored XSS in admincollect.php via the siteurl parameter...

Server side request forgery (ssrf)

An issue was discovered in SeaCMS 6.61. adm1n/adminreslib.php has SSRF via the url parameter...

CVE-2018-16444

An issue was discovered in SeaCMS 6.61. adm1n/adminreslib.php has SSRF via the url parameter...

CVE-2018-16446

CVE-2018-16446 affects SeaCMS

SeaCMS Code Execution Vulnerability

SeaCMS is a free and open source web content management system written in PHP. The system has been designed primarily to manage video-on-demand resources. A code execution vulnerability exists in SeaCMS version 6.61, which originates from the 'parseIf' function in the include/main.class.php file...

SeaCMS SQL Injection Vulnerability (CNVD-2019-08332)

SeaCMS Ocean CMS is a professional open source free PHP film and television system. 6.61 and earlier versions of SeaCMS SQL injection vulnerability, attackers can through the adm1n/admintopicvod.php request in the tid parameter to take advantage of the vulnerability for SQL injection attacks...

CVE-2018-16343

SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf in include/main.class.php does not block use of $GLOBALS...

CVE-2018-16343

SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf in include/main.class.php does not block use of $GLOBALS...

CVE-2018-16343

SeaCMS 6.61 contains a remote code execution flaw: the parseIf() function in include/main.class.php fails to block use of $GLOBALS, enabling attackers to run arbitrary code. This has been documented across multiple sources (CNVD-2018-19075 and NVD/NVD-derived entries) and is tied to SeaCMS’s PHP ...

Arbitrary File Deletion Vulnerability in seacms v6.61

seacms is a free and open source web content management system written in PHP. The system is mainly used to manage video-on-demand resources. seacms v6.61 version of the arbitrary file deletion vulnerability , an attacker can use the vulnerability to arbitrarily delete files...

CVE-2018-14517

SeaCMS 6.61 has two XSS issues in the adminconfig.php file via certain form fields...

CVE-2018-14517

SeaCMS 6.61 has two XSS issues in the adminconfig.php file via certain form fields...

CVE-2018-14517

SeaCMS 6.61 contains two reflected XSS flaws in admin_config.php form fields. Reports (NVD, CNVD) describe remote exploitation leading to arbitrary script/HTML execution in affected installations. Root cause: improper input handling in admin_config.php; impact includes user session or data exposu...

CVE-2018-13445

An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/adminmanager.php?action=add...

CVE-2018-13444

An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/adminmanager.php?action=save&id=2...

Cross site request forgery (csrf)

An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/adminmanager.php?action=add...

CVE-2018-13445

An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/adminmanager.php?action=add...

CVE-2018-13444

An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/adminmanager.php?action=save&id=2...

Cross site scripting

SeaCMS 6.61 has stored XSS in admincollect.php via the siteurl parameter...