13 matches found
EUVD-2018-4403
Malware in sbrugna...
CVE-2018-16348
SeaCMS V6.61 has XSS via the adminvideo.php vcontent parameter, related to the site name...
CVE-2018-16348
SeaCMS V6.61 has XSS via the adminvideo.php vcontent parameter, related to the site name...
Cross site request forgery (csrf)
SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address aka ip to /admin/adminip.php aka /adm1n/adminip.php. The code is executed by visiting adm1n/adminip.php or data/admin/ip.php. This can also be exploited through CSRF...
CVE-2018-14910
SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address aka ip to /admin/adminip.php aka /adm1n/adminip.php. The code is executed by visiting adm1n/adminip.php or data/admin/ip.php. This can also be exploited through CSRF...
CVE-2018-14910
SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address aka ip to /admin/adminip.php aka /adm1n/adminip.php. The code is executed by visiting adm1n/adminip.php or data/admin/ip.php. This can also be exploited through CSRF...
CVE-2018-14421
SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address aka vpic to /admin/adminvideo.php aka /backend/adminvideo.php. The code is executed by visiting /details/index.php. This can also be exploited through CSRF...
Cross site request forgery (csrf)
SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address aka vpic to /admin/adminvideo.php aka /backend/adminvideo.php. The code is executed by visiting /details/index.php. This can also be exploited through CSRF...
CVE-2018-14421
SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address aka vpic to /admin/adminvideo.php aka /backend/adminvideo.php. The code is executed by visiting /details/index.php. This can also be exploited through CSRF...
Cross site scripting
SeaCMS V6.61 has XSS via the site name parameter on an adm1n/adminconfig.php page aka a system management page...
CVE-2018-12431
SeaCMS V6.61 has XSS via the site name parameter on an adm1n/adminconfig.php page aka a system management page...
CVE-2018-12431
SeaCMS V6.61 has XSS via the site name parameter on an adm1n/adminconfig.php page aka a system management page...
CVE-2018-12431
SeaCMS V6.61 is vulnerable to Cross‑Site Scripting via the site name parameter on adm1n/admin_config.php (system management page). The root cause is an XSS flaw in the site name input; impact is user‑visible script injection. The connected records confirm the vulnerability across multiple sources...