📦 Seacms

by Seacms

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2025-44073

CRITICAL CVSS 9.8 May 6, 2025

SeaCMS v13.3 contains a SQL injection vulnerability in the admin_comment_news.php component that allows attackers to execute arbitrary SQL commands. This affects all SeaCMS v13.3 installations with th...

CVE-2025-44074

CRITICAL CVSS 9.8 May 5, 2025

SeaCMS v13.3 contains a SQL injection vulnerability in the admin_topic.php component that allows attackers to execute arbitrary SQL commands. This affects all SeaCMS v13.3 installations with the vulne...

CVE-2025-44071

CRITICAL CVSS 9.8 May 5, 2025

SeaCMS v13.3 contains a remote code execution vulnerability in phomebak.php that allows attackers to execute arbitrary code via crafted HTTP requests. This affects all SeaCMS v13.3 installations with ...

CVE-2025-25516

CRITICAL CVSS 9.8 Feb 25, 2025

Seacms versions up to 13.3 contain a SQL injection vulnerability in admin_paylog.php that allows attackers to execute arbitrary SQL commands. This affects all Seacms installations running vulnerable v...

CVE-2025-25519

CRITICAL CVSS 9.8 Feb 25, 2025

SeaCMS versions up to 13.3 contain a SQL injection vulnerability in the admin_zyk.php file that allows attackers to execute arbitrary SQL commands. This affects all SeaCMS installations running vulner...

CVE-2025-25521

CRITICAL CVSS 9.8 Feb 25, 2025

Seacms versions up to 13.3 contain a SQL injection vulnerability in admin_type_news.php that allows attackers to execute arbitrary SQL commands. This affects all Seacms installations running vulnerabl...

CVE-2025-22974

CRITICAL CVSS 9.8 Feb 24, 2025

This SQL injection vulnerability in SeaCMS allows remote attackers to execute arbitrary SQL commands through the DoTranExecSql parameter in phome.php. Attackers can potentially read, modify, or delete...

CVE-2025-25513

CRITICAL CVSS 9.8 Feb 24, 2025

Seacms versions up to 13.3 contain a SQL injection vulnerability in admin_members.php that allows attackers to execute arbitrary SQL commands. This affects all Seacms installations running vulnerable ...

CVE-2024-54880

CRITICAL CVSS 9.1 Jan 6, 2025

SeaCMS V13.1 contains an incorrect access control vulnerability that allows attackers to bypass registration limits and create accounts in bulk. This affects all SeaCMS V13.1 installations with user r...

CVE-2024-55461

CRITICAL CVSS 9.8 Dec 18, 2024

SeaCMS versions up to 13.0 contain a command injection vulnerability in phome.php through the Ebak_RepPathFiletext() function. This allows attackers to execute arbitrary commands on the server with th...

CVE-2024-46640

CRITICAL CVSS 9.8 Sep 20, 2024

SeaCMS 13.2 contains a remote code execution vulnerability in sql.class.chp where a security check function is bypassed during execution. Attackers can exploit this by writing malicious code through M...

CVE-2024-44721

CRITICAL CVSS 9.8 Sep 9, 2024

SeaCMS v13.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /admin_reslib.php file via the url parameter. This allows attackers to make arbitrary HTTP requests from the vulnerable ...

CVE-2024-44921

CRITICAL CVSS 9.8 Sep 3, 2024

SeaCMS v12.9 contains a SQL injection vulnerability in the id parameter at /dmplayer/dmku/index.php?ac=del. This allows attackers to execute arbitrary SQL commands on the database. All SeaCMS v12.9 in...

CVE-2024-39028

CRITICAL CVSS 9.8 Jul 5, 2024

This vulnerability in SeaCMS allows remote attackers to execute arbitrary code via the admin_ping.php file. It affects SeaCMS versions up to and including 12.9, enabling complete system compromise of ...

CVE-2024-29275

CRITICAL CVSS 9.8 Mar 22, 2024

This critical SQL injection vulnerability in SeaCMS version 12.9 allows unauthenticated attackers to execute arbitrary SQL commands via the id parameter. Attackers can potentially read, modify, or del...

CVE-2023-46010

CRITICAL CVSS 9.8 Oct 25, 2023

This vulnerability in SeaCMS v12.9 allows remote attackers to execute arbitrary commands through the admin_safe.php component. This is a critical remote code execution flaw affecting all SeaCMS v12.9 ...

CVE-2023-44169

CRITICAL CVSS 9.8 Sep 27, 2023

SeaCMS V12.9 contains an arbitrary file write vulnerability in admin_notify.php that allows attackers to write malicious files to the server. This affects all SeaCMS V12.9 installations with the admin...

CVE-2023-44171

CRITICAL CVSS 9.8 Sep 27, 2023

SeaCMS V12.9 contains an arbitrary file write vulnerability in admin_smtp.php that allows attackers to write malicious files to the server. This affects all SeaCMS V12.9 installations with the vulnera...

CVE-2023-43216

CRITICAL CVSS 9.8 Sep 27, 2023

SeaCMS V12.9 contains an arbitrary file write vulnerability in admin_ip.php that allows attackers to write malicious files to the server. This affects all SeaCMS V12.9 installations with the vulnerabl...

CVE-2022-27336

CRITICAL CVSS 9.8 Apr 27, 2022

CVE-2022-27336 is a remote code execution vulnerability in Seacms v11.6 that allows attackers to execute arbitrary code via the /admin/weixin.php component. This affects all systems running the vulner...

CVE-2025-15002

HIGH CVSS 7.3 Dec 21, 2025

This SQL injection vulnerability in SeaCMS allows remote attackers to execute arbitrary SQL commands through manipulated page/limit parameters in the dmplayer component. It affects all SeaCMS installa...

CVE-2025-25515

HIGH CVSS 8.8 Feb 25, 2025

Seacms versions up to 13.3 contain a SQL injection vulnerability in admin_collect.php that allows authenticated attackers to execute arbitrary SQL commands against the database. This affects all Seacm...

CVE-2024-50808

HIGH CVSS 8.8 Nov 8, 2024

SeaCms 13.1 contains a code injection vulnerability in the admin notification module that allows authenticated backend users to execute arbitrary code. This affects administrators with access to the b...

CVE-2024-44720

HIGH CVSS 7.5 Sep 9, 2024

SeaCMS v13.1 contains an arbitrary file read vulnerability in admin_safe.php that allows attackers to read sensitive files on the server. This affects all SeaCMS v13.1 installations with the vulnerabl...

CVE-2024-44916

HIGH CVSS 7.2 Aug 30, 2024

This vulnerability in Seacms v13.1 allows attackers to inject malicious IP parameters through the admin_ip.php file, which are then written to a configuration file and can lead to arbitrary command ex...

CVE-2024-42599

HIGH CVSS 8.8 Aug 22, 2024

SeaCMS 13.0 contains a remote code execution vulnerability in admin_files.php where authenticated attackers can bypass file editing restrictions to write and execute arbitrary code. This allows attack...

CVE-2024-40522

HIGH CVSS 8.8 Jul 12, 2024

SeaCMS 12.9 contains a remote code execution vulnerability in phomebak.php where unfiltered variable names are written into PHP files. Authenticated attackers can exploit this to execute arbitrary com...

CVE-2024-40518

HIGH CVSS 8.8 Jul 12, 2024

SeaCMS 12.9 contains a remote code execution vulnerability in admin_weixin.php where unvalidated user input is directly written to weixin.php. Authenticated attackers can exploit this to execute arbit...

CVE-2024-40520

HIGH CVSS 8.8 Jul 12, 2024

SeaCMS 12.9 has a remote code execution vulnerability in admin_config_mark.php that allows authenticated attackers to inject arbitrary code into inc_photowatermark_config.php. This enables attackers t...

CVE-2024-30565

HIGH CVSS 8.8 Apr 4, 2024

SeaCMS version 12.9 contains a vulnerability in admin/notify.php that allows remote attackers to execute arbitrary code. This is a code injection vulnerability (CWE-94) that affects all SeaCMS 12.9 in...

CVE-2023-46987

HIGH CVSS 8.8 Dec 28, 2023

SeaCMS v12.9 contains a remote code execution vulnerability in the /augap/adminip.php component that allows attackers to execute arbitrary code on affected servers. This affects all SeaCMS v12.9 insta...

CVE-2023-44847

HIGH CVSS 7.2 Oct 10, 2023

This vulnerability in SeaCMS v12.8 allows attackers to execute arbitrary code through the admin_Weixin.php component. It affects all systems running the vulnerable version of SeaCMS, potentially compr...

CVE-2023-43278

HIGH CVSS 8.8 Sep 25, 2023

This CSRF vulnerability in Seacms allows attackers to create unauthorized admin accounts by tricking authenticated administrators into visiting malicious web pages. It affects Seacms installations up ...

CVE-2025-15003

MEDIUM CVSS 4.7 Dec 22, 2025

This vulnerability allows remote attackers to execute SQL injection attacks against SeaCMS versions up to 13.3 through manipulation of the e_id parameter in admin_video.php. Attackers can potentially ...

CVE-2025-60449

MEDIUM CVSS 4.9 Oct 3, 2025

An information disclosure vulnerability in SeaCMS 13.1 allows authenticated administrators to scan and download files from the server's root directory via the admin_safe.php component. This affects Se...

CVE-2025-10662

MEDIUM CVSS 4.7 Sep 18, 2025

This SQL injection vulnerability in SeaCMS allows attackers to manipulate database queries through the /admin_members.php endpoint. Attackers can potentially read, modify, or delete database content. ...

CVE-2024-40570

MEDIUM CVSS 6.5 Jun 17, 2025

This CVE describes an SQL injection vulnerability in SeaCMS v.12.9 that allows a remote attacker to execute arbitrary SQL commands via the admin_datarelate.php component. This can lead to unauthorized...

CVE-2025-3797

MEDIUM CVSS 4.7 Apr 19, 2025

This critical SQL injection vulnerability in SeaCMS allows remote attackers to execute arbitrary SQL commands via the e_id parameter in the /admin_topic.php?action=delall endpoint. Attackers can poten...

CVE-2025-3792

MEDIUM CVSS 4.7 Apr 18, 2025

This critical SQL injection vulnerability in SeaCMS allows remote attackers to execute arbitrary SQL commands through the /admin_link.php endpoint. Attackers can potentially read, modify, or delete da...

CVE-2025-25802

MEDIUM CVSS 5.1 Feb 26, 2025

SeaCMS v13.3 contains a remote code execution vulnerability in the admin_ip.php component that allows attackers to execute arbitrary code on affected systems. This affects all SeaCMS v13.3 installatio...

CVE-2025-25793

MEDIUM CVSS 5.1 Feb 26, 2025

SeaCMS v13.3 contains a remote code execution vulnerability in the admin_notify.php component that allows attackers to execute arbitrary code on affected systems. This affects all SeaCMS v13.3 install...

CVE-2025-25796

MEDIUM CVSS 5.1 Feb 26, 2025

SeaCMS v13.3 contains a remote code execution vulnerability in admin_template.php that allows attackers to execute arbitrary code on affected systems. This affects all SeaCMS v13.3 installations with ...

CVE-2025-25799

MEDIUM CVSS 6.0 Feb 26, 2025

SeaCMS 13.3 contains an arbitrary file read vulnerability in the admin_safe.php file that allows attackers to read sensitive files on the server. This affects all SeaCMS 13.3 installations with defaul...

CVE-2025-25514

MEDIUM CVSS 6.5 Feb 25, 2025

This SQL injection vulnerability in Seacms allows attackers to execute arbitrary SQL commands through the admin_collect_news.php endpoint. It affects Seacms version 13.3 and earlier, potentially compr...

CVE-2024-44920

MEDIUM CVSS 6.1 Sep 3, 2024

This is a cross-site scripting (XSS) vulnerability in SeaCMS v12.9 that allows attackers to inject malicious scripts into the admin_collect_news.php component via the siteurl parameter. Attackers can ...

CVE-2024-44683

MEDIUM CVSS 6.1 Aug 30, 2024

Seacms v13 contains a cross-site scripting vulnerability in admin-video.php that allows attackers to inject malicious scripts into web pages viewed by administrators. This affects administrators of Se...

CVE-2024-44919

MEDIUM CVSS 5.4 Aug 29, 2024

This is a cross-site scripting (XSS) vulnerability in SeaCMS v12.9's admin_ads.php component that allows attackers to inject malicious scripts into ad descriptions. When exploited, it enables executio...

CVE-2024-42598

MEDIUM CVSS 6.7 Aug 20, 2024

SeaCMS 13.0 has an authenticated remote code execution vulnerability in admin_editplayer.php where attackers can bypass file restrictions to write and execute arbitrary code. This allows authenticated...

CVE-2024-7161

MEDIUM CVSS 4.3 Jul 28, 2024

This CSRF vulnerability in SeaCMS 13.0 allows attackers to trick authenticated users into changing their passwords without their consent by manipulating the password change form. Attackers can launch ...