Filtered by vendor Seacms
Subscriptions
Total
100 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-25519 | 1 Seacms | 1 Seacms | 2025-03-28 | 9.8 Critical |
| Seacms <=13.3 is vulnerable to SQL Injection in admin_zyk.php. | ||||
| CVE-2025-25520 | 1 Seacms | 1 Seacms | 2025-03-28 | 9.8 Critical |
| Seacms <13.3 is vulnerable to SQL Injection in admin_pay.php. | ||||
| CVE-2025-25521 | 1 Seacms | 1 Seacms | 2025-03-28 | 9.8 Critical |
| Seacms <=13.3 is vulnerable to SQL Injection in admin_type_news.php. | ||||
| CVE-2025-25792 | 1 Seacms | 1 Seacms | 2025-03-28 | 4.4 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php. | ||||
| CVE-2025-25793 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.1 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php. | ||||
| CVE-2025-25794 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.1 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php. | ||||
| CVE-2025-25796 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.1 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php. | ||||
| CVE-2025-25797 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.1 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php. | ||||
| CVE-2025-25799 | 1 Seacms | 1 Seacms | 2025-03-28 | 6 Medium |
| SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php. | ||||
| CVE-2025-25800 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.3 Medium |
| SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe_file.php. | ||||
| CVE-2025-25802 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.1 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php. | ||||
| CVE-2025-25813 | 1 Seacms | 1 Seacms | 2025-03-28 | 5.1 Medium |
| SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php. | ||||
| CVE-2024-55461 | 1 Seacms | 1 Seacms | 2025-03-28 | 9.8 Critical |
| SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext(). | ||||
| CVE-2024-42598 | 1 Seacms | 1 Seacms | 2025-03-28 | 6.7 Medium |
| SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. | ||||
| CVE-2024-30565 | 1 Seacms | 1 Seacms | 2025-03-28 | 8.8 High |
| An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code via admin notify.php. | ||||
| CVE-2024-29275 | 1 Seacms | 1 Seacms | 2025-03-28 | 9.8 Critical |
| SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php. | ||||
| CVE-2022-48093 | 1 Seacms | 1 Seacms | 2025-03-27 | 7.2 High |
| Seacms v12.7 was discovered to contain a remote code execution (RCE) vulnerability via the ip parameter at admin_ ip.php. | ||||
| CVE-2024-40519 | 1 Seacms | 1 Seacms | 2025-03-25 | 8.8 High |
| SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. | ||||
| CVE-2025-22974 | 1 Seacms | 1 Seacms | 2025-03-25 | 9.8 Critical |
| SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component. | ||||
| CVE-2024-44683 | 1 Seacms | 1 Seacms | 2025-03-20 | 6.1 Medium |
| Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php. | ||||