8 matches found
CVE-2018-17321
An issue was discovered in SeaCMS 6.64. XSS exists in admindatarelate.php via the time or maxHit parameter in a dorandomset action...
CVE-2018-16822
SeaCMS 6.64 allows SQL Injection via the upload/admin/adminvideo.php order parameter...
CVE-2018-16821
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admintemplate.php?path=../templets/../../ requests...
Sql injection
SeaCMS 6.64 allows SQL Injection via the upload/admin/adminvideo.php order parameter...
Design/Logic Flaw
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admintemplate.php?path=../templets/../../ requests...
CVE-2018-16822
SeaCMS 6.64 allows SQL Injection via the upload/admin/adminvideo.php order parameter...
CVE-2018-16821
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admintemplate.php?path=../templets/../../ requests...
Design/Logic Flaw
An issue was discovered in SeaCMS 6.64. XSS exists in adminvideo.php via the action, area, type, yuyan, jqtype, visunion, vrecycled, vismoney, or vispsd parameter...