EUVD-2024-54690

Malicious code in bioql PyPI...

CVE-2024-40522

There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and...

CVE-2024-40518

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by adminweixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain...

CVE-2024-7163

A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. This affects an unknown part of the file /js/player/dmplayer/player/index.php. The manipulation of the argument color/vid/url leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...

CVE-2024-7163 SeaCMS index.php cross site scripting

A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. This affects an unknown part of the file /js/player/dmplayer/player/index.php. The manipulation of the argument color/vid/url leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...

CVE-2024-7163

CVE-2024-7163 affects SeaCMS 12.9, exploiting an XSS in /js/player/dmplayer/player/index.php via the color/vid/url parameters. The vulnerability can be exploited remotely; multiple sources confirm public disclosure (VDB-272577). There is no explicit patch version stated in the provided documents....

CVE-2024-7163 SeaCMS index.php cross site scripting

A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. This affects an unknown part of the file /js/player/dmplayer/player/index.php. The manipulation of the argument color/vid/url leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...

CVE-2024-7162

SeaCMS 12.9/13.0 is affected by a cross-site scripting (XSS) vulnerability in the unknown functionality of js/player/dmplayer/admin/post.php?act=setting, triggered by manipulating the yzm parameter. The issue can be exploited remotely and has had public disclosure. Affected component: the post.ph...

CVE-2024-40522

There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and...

CVE-2024-40521

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admintemplate.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the...

CVE-2024-40520

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by adminconfigmark.php directly splicing and writing the user input data into incphotowatermarkconfig.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrar...

CVE-2024-40520

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by adminconfigmark.php directly splicing and writing the user input data into incphotowatermarkconfig.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrar...

CVE-2024-40518

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by adminweixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain...

CVE-2024-40519

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by adminsmtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain...

CVE-2024-40518

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by adminweixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain...

CVE-2024-40518

Affected software/components: SeaCMS 12.9; vulnerable file: admin_weixin.php which writes user input directly into weixin.php without processing. Root cause / vulnerability type: Direct splicing/writing of unprocessed user input leading to remote code execution. Impact: Authenticated attackers ca...

CVE-2024-40519

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by adminsmtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain...

CVE-2024-40522

There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and...

CVE-2024-40521

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admintemplate.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the...

CVE-2024-40519

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by adminsmtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain...