4 matches found
CVE-2025-15002
A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to...
CVE-2025-44073
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admincommentnews.php...
CVE-2025-29647
SeaCMS v13.3 has a SQL injection vulnerability in the component admintempvideo.php...
CVE-2024-54880
SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to register accounts in bulk...