107 matches found
CVE-2023-37124
A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-37125
A stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2022-23878
seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php.
CVE-2023-44172
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php.
CVE-2023-44169
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php.
CVE-2023-44170
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php.
CVE-2025-25513
Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.
CVE-2022-28076
Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings.
CVE-2020-26642
A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML.
CVE-2022-27336
Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php.
CVE-2025-25514
Seacms <=13.3 is vulnerable to SQL Injection in admin_collect_news.php.
CVE-2024-30565
An issue was discovered in SeaCMS version 12.9 that allows remote attackers to execute arbitrary code via admin notify.php.
CVE-2025-25796
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php.
CVE-2025-44071
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerability allows attackers to execute arbitrary code via a crafted request.
CVE-2025-25517
Seacms <=13.3 is vulnerable to SQL Injection in admin_reslib.php.
CVE-2025-25799
SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php.
CVE-2025-25516
Seacms <=13.3 is vulnerable to SQL Injection in admin_paylog.php.
CVE-2025-25520
Seacms <13.3 is vulnerable to SQL Injection in admin_pay.php.
CVE-2025-25793
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php.
CVE-2025-25802
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php.
CVE-2025-22974
SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component.
CVE-2025-25521
Seacms <=13.3 is vulnerable to SQL Injection in admin_type_news.php.
CVE-2025-25797
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php.
CVE-2025-44072
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php.
CVE-2025-25519
Seacms <=13.3 is vulnerable to SQL Injection in admin_zyk.php.
CVE-2025-25794
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php.
CVE-2025-25813
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php.
CVE-2024-31611
SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.
CVE-2025-3797
A vulnerability classified as critical was found in SeaCMS up to 13.3. This vulnerability affects unknown code of the file /admin_topic.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public...
CVE-2025-44073
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php.
CVE-2024-50808
SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the "notify" variable in admin_notify.php.
CVE-2024-55461
SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext().
CVE-2025-25792
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php.
CVE-2025-3792
A vulnerability, which was classified as critical, has been found in SeaCMS up to 13.3. This issue affects some unknown processing of the file /admin_link.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack may be initiated remotely. The exploit has been disc...
CVE-2025-4256
A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and m...
CVE-2025-44074
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php.
CVE-2024-42599
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbi...
CVE-2025-25515
Seacms <=13.3 is vulnerable to SQL Injection in admin_collect.php that allows an authenticated attacker to exploit the database.
CVE-2023-43278
A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.
CVE-2024-6416
A vulnerability was found in SeaCMS 12.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /js/player/dmplayer/dmku/?ac=edit. The manipulation of the argument cid with the input (select(0)from(select(sleep(10)))v) leads to sql injection. The a...
CVE-2024-40521
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the vulne...
CVE-2025-25800
SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe_file.php.
CVE-2024-54880
SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to register accounts in bulk.
CVE-2025-29647
SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php.
CVE-2025-4257
A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2. This issue affects some unknown processing of the file /admin_pay.php. The manipulation of the argument cstatus leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to...
CVE-2022-43256
SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php.
CVE-2024-39027
SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the SQL injection through the cid parameter at /js/player/dmplayer/dmku/index.php?ac=edit, which can cause sensitive database information to be leaked.
CVE-2024-40518
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain ...
CVE-2024-44720
SeaCMS v13.1 was discovered to contain an arbitrary file read vulnerability via the component admin_safe.php.
CVE-2024-29275
A SQL injection vulnerability in SeaCMS version 12.9 allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php.