16 matches found
EUVD-2018-4403
Malware in sbrugna...
CVE-2018-16348
SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name...
Cross-site scripting
SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name...
CVE-2018-16348
SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name...
CVE-2018-14910
SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF...
Cross-site request forgery (CSRF)
SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF...
CVE-2018-14910
SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF...
CVE-2018-14910
SeaCMS v6.61 is vulnerable to Remote Code Execution. An attacker can place PHP code via an allowed IP address (ip) that targets /admin/admin_ip.php (also reachable as /adm1n/admin_ip.php). The payload is executed when an affected endpoint is accessed (adm1n/admin_ip.php or data/admin/ip.php), ena...
CVE-2018-14421
SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF...
Cross-site request forgery (CSRF)
SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF...
CVE-2018-14421
SeaCMS v6.61 contains a Remote Code Execution vulnerability. An attacker can place PHP code in the movie picture address (v_pic) passed to /admin/admin_video.php (aka /backend/admin_video.php), which gets executed when visiting /details/index.php. The issue can also be exploited via CSRF, enablin...
CVE-2018-14421
SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF...
CVE-2018-12431
SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page)...
Cross-site scripting
SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page)...
CVE-2018-12431
SeaCMS V6.61 is vulnerable to Cross‑Site Scripting via the site name parameter on adm1n/admin_config.php (system management page). The root cause is an XSS flaw in the site name input; impact is user‑visible script injection. The connected records confirm the vulnerability across multiple sources...
CVE-2018-12431
SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page)...