Seacms Security Vulnerabilities and Issues — Seacms CVE List

Lucene search

SeacmsSeacms

40 matches found

CVE•added 2022/03/02 7:15 p.m.•92 views

CVE-2022-23878

seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php.

9.8CVSS9.7AI score0.00866EPSS

CVE•added 2023/09/27 3:19 p.m.•92 views

CVE-2023-44172

SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php.

9.8CVSS9.5AI score0.00362EPSS

CVE•added 2023/09/27 3:19 p.m.•83 views

CVE-2023-44169

SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php.

9.8CVSS9.5AI score0.00362EPSS

CVE•added 2023/09/27 3:19 p.m.•78 views

CVE-2023-44170

SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php.

9.8CVSS9.5AI score0.00362EPSS

CVE•added 2025/02/24 10:15 p.m.•71 views

CVE-2025-25513

Seacms

9.8CVSS8.3AI score0.00137EPSS

CVE•added 2022/04/27 4:15 p.m.•64 views

CVE-2022-27336

Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php.

9.8CVSS9.9AI score0.11069EPSS

CVE•added 2025/05/05 10:15 p.m.•59 views

CVE-2025-44071

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerability allows attackers to execute arbitrary code via a crafted request.

9.8CVSS8.9AI score0.00549EPSS

CVE•added 2025/02/25 10:15 p.m.•58 views

CVE-2025-25517

Seacms

9.8CVSS7.6AI score0.00137EPSS

CVE•added 2025/02/25 10:15 p.m.•57 views

CVE-2025-25516

Seacms

9.8CVSS8.3AI score0.00137EPSS

CVE•added 2025/02/25 10:15 p.m.•57 views

CVE-2025-25520

Seacms

9.8CVSS8.1AI score0.00137EPSS

CVE•added 2025/02/24 11:15 p.m.•56 views

CVE-2025-22974

SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component.

9.8CVSS9AI score0.00351EPSS

CVE•added 2025/02/25 10:15 p.m.•56 views

CVE-2025-25521

Seacms

9.8CVSS8.3AI score0.00137EPSS

CVE•added 2025/05/05 10:15 p.m.•56 views

CVE-2025-44072

SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php.

9.8CVSS8.3AI score0.00049EPSS

CVE•added 2025/02/25 10:15 p.m.•55 views

CVE-2025-25519

Seacms

9.8CVSS8AI score0.00137EPSS

CVE•added 2024/06/10 5:16 p.m.•52 views

CVE-2024-31611

SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.

9.1CVSS7AI score0.00228EPSS

CVE•added 2025/05/06 9:16 p.m.•51 views

CVE-2025-44073

SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php.

9.8CVSS7.9AI score0.00049EPSS

CVE•added 2024/12/18 11:15 p.m.•48 views

CVE-2024-55461

SeaCMS

9.8CVSS7.1AI score0.00762EPSS

CVE•added 2025/05/05 10:15 p.m.•48 views

CVE-2025-44074

SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php.

9.8CVSS8.3AI score0.00049EPSS

CVE•added 2024/06/30 10:15 p.m.•46 views

CVE-2024-6416

A vulnerability was found in SeaCMS 12.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /js/player/dmplayer/dmku/?ac=edit. The manipulation of the argument cid with the input (select(0)from(select(sleep(10)))v) leads to sql injection. The a...

9.8CVSS6.8AI score0.0016EPSS

CVE•added 2025/01/06 6:15 p.m.•44 views

CVE-2024-54880

SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to register accounts in bulk.

9.1CVSS6.5AI score0.02085EPSS

CVE•added 2025/04/03 7:15 p.m.•44 views

CVE-2025-29647

SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php.

9.8CVSS8.1AI score0.00049EPSS

CVE•added 2022/11/16 3:15 p.m.•43 views

CVE-2022-43256

SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php.

9.8CVSS9.7AI score0.00066EPSS

CVE•added 2024/03/22 5:15 a.m.•42 views

CVE-2024-29275

SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php.

9.8CVSS8.4AI score0.57443EPSS

CVE•added 2020/12/21 7:15 p.m.•40 views

CVE-2020-21378

SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php.

9.8CVSS9.7AI score0.11EPSS

CVE•added 2024/09/09 4:15 p.m.•40 views

CVE-2024-44721

SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php.

9.8CVSS7.3AI score0.00263EPSS

CVE•added 2023/09/27 3:19 p.m.•39 views

CVE-2023-43222

SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file.

9.8CVSS9.4AI score0.00228EPSS

CVE•added 2021/08/18 3:15 p.m.•38 views

CVE-2021-37358

SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "admin_ajax.php?action=checkrepeat&v_name=".

9.8CVSS9.9AI score0.01632EPSS

CVE•added 2023/02/22 6:15 p.m.•38 views

CVE-2023-0960

A vulnerability was found in SeaCMS 11.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/config.ftp.php of the component Picture Management. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been dis...

9.8CVSS7AI score0.00053EPSS

CVE•added 2023/09/27 3:19 p.m.•38 views

CVE-2023-44171

SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php.

9.8CVSS9.5AI score0.00362EPSS

CVE•added 2024/09/03 12:15 p.m.•37 views

CVE-2024-44921

SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del.

9.8CVSS7.8AI score0.00103EPSS

CVE•added 2024/09/20 9:15 p.m.•37 views

CVE-2024-46640

SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although the system has a check function, the check function is not executed during execution, allowing remote code execution by writing to the file through the MySQL slow query method.

9.8CVSS7.8AI score0.02212EPSS

CVE•added 2025/01/06 6:15 p.m.•37 views

CVE-2024-54879

SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.

9.1CVSS6.5AI score0.02085EPSS

CVE•added 2024/07/05 2:15 p.m.•36 views

CVE-2024-39028

An issue was discovered in SeaCMS

9.8CVSS8.3AI score0.02565EPSS

CVE•added 2024/08/26 5:15 p.m.•36 views

CVE-2024-41444

SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so.

9.8CVSS7.9AI score0.00136EPSS

CVE•added 2018/09/21 5:29 p.m.•35 views

CVE-2018-16822

SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.

9.8CVSS9.8AI score0.00419EPSS

CVE•added 2022/12/15 7:15 p.m.•35 views

CVE-2021-39426

An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 parameter when the action parameter equals set.

9.8CVSS9.6AI score0.00116EPSS

CVE•added 2018/09/04 4:29 a.m.•31 views

CVE-2018-16444

An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter.

9.1CVSS9.1AI score0.00341EPSS

CVE•added 2023/10/25 6:17 p.m.•31 views

CVE-2023-46010

An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.

9.8CVSS9.6AI score0.00275EPSS

CVE•added 2018/09/04 4:29 a.m.•29 views

CVE-2018-16445

An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request.

9.8CVSS9.8AI score0.00264EPSS

CVE•added 2023/09/27 3:19 p.m.•27 views

CVE-2023-43216

SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php.

9.8CVSS9.5AI score0.00362EPSS