Seacms Security Vulnerabilities (CVEs)
Track 51 security vulnerabilities affecting Seacms products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability allows remote attackers to execute SQL injection attacks against SeaCMS versions up to 13.3 through manipulation of the e_id parame...
Dec 22, 2025This SQL injection vulnerability in SeaCMS allows remote attackers to execute arbitrary SQL commands through manipulated page/limit parameters in the ...
Dec 21, 2025An information disclosure vulnerability in SeaCMS 13.1 allows authenticated administrators to scan and download files from the server's root directory...
Oct 3, 2025This SQL injection vulnerability in SeaCMS allows attackers to manipulate database queries through the /admin_members.php endpoint. Attackers can pote...
Sep 18, 2025This CVE describes an SQL injection vulnerability in SeaCMS v.12.9 that allows a remote attacker to execute arbitrary SQL commands via the admin_datar...
Jun 17, 2025SeaCMS v13.3 contains a SQL injection vulnerability in the admin_comment_news.php component that allows attackers to execute arbitrary SQL commands. T...
May 6, 2025SeaCMS v13.3 contains a SQL injection vulnerability in the admin_topic.php component that allows attackers to execute arbitrary SQL commands. This aff...
May 5, 2025SeaCMS v13.3 contains a remote code execution vulnerability in phomebak.php that allows attackers to execute arbitrary code via crafted HTTP requests....
May 5, 2025This critical SQL injection vulnerability in SeaCMS allows remote attackers to execute arbitrary SQL commands via the e_id parameter in the /admin_top...
Apr 19, 2025This critical SQL injection vulnerability in SeaCMS allows remote attackers to execute arbitrary SQL commands through the /admin_link.php endpoint. At...
Apr 18, 2025SeaCMS v13.3 contains a remote code execution vulnerability in the admin_ip.php component that allows attackers to execute arbitrary code on affected ...
Feb 26, 2025SeaCMS v13.3 contains a remote code execution vulnerability in the admin_notify.php component that allows attackers to execute arbitrary code on affec...
Feb 26, 2025SeaCMS v13.3 contains a remote code execution vulnerability in admin_template.php that allows attackers to execute arbitrary code on affected systems....
Feb 26, 2025SeaCMS 13.3 contains an arbitrary file read vulnerability in the admin_safe.php file that allows attackers to read sensitive files on the server. This...
Feb 26, 2025Seacms versions up to 13.3 contain a SQL injection vulnerability in admin_paylog.php that allows attackers to execute arbitrary SQL commands. This aff...
Feb 25, 2025SeaCMS versions up to 13.3 contain a SQL injection vulnerability in the admin_zyk.php file that allows attackers to execute arbitrary SQL commands. Th...
Feb 25, 2025Seacms versions up to 13.3 contain a SQL injection vulnerability in admin_type_news.php that allows attackers to execute arbitrary SQL commands. This ...
Feb 25, 2025This SQL injection vulnerability in Seacms allows attackers to execute arbitrary SQL commands through the admin_collect_news.php endpoint. It affects ...
Feb 25, 2025Seacms versions up to 13.3 contain a SQL injection vulnerability in admin_collect.php that allows authenticated attackers to execute arbitrary SQL com...
Feb 25, 2025This SQL injection vulnerability in SeaCMS allows remote attackers to execute arbitrary SQL commands through the DoTranExecSql parameter in phome.php....
Feb 24, 2025Seacms versions up to 13.3 contain a SQL injection vulnerability in admin_members.php that allows attackers to execute arbitrary SQL commands. This af...
Feb 24, 2025SeaCMS V13.1 contains an incorrect access control vulnerability that allows attackers to bypass registration limits and create accounts in bulk. This ...
Jan 6, 2025SeaCMS versions up to 13.0 contain a command injection vulnerability in phome.php through the Ebak_RepPathFiletext() function. This allows attackers t...
Dec 18, 2024SeaCms 13.1 contains a code injection vulnerability in the admin notification module that allows authenticated backend users to execute arbitrary code...
Nov 8, 2024SeaCMS 13.2 contains a remote code execution vulnerability in sql.class.chp where a security check function is bypassed during execution. Attackers ca...
Sep 20, 2024SeaCMS v13.1 contains an arbitrary file read vulnerability in admin_safe.php that allows attackers to read sensitive files on the server. This affects...
Sep 9, 2024SeaCMS v13.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the /admin_reslib.php file via the url parameter. This allows attackers to...
Sep 9, 2024This is a cross-site scripting (XSS) vulnerability in SeaCMS v12.9 that allows attackers to inject malicious scripts into the admin_collect_news.php c...
Sep 3, 2024SeaCMS v12.9 contains a SQL injection vulnerability in the id parameter at /dmplayer/dmku/index.php?ac=del. This allows attackers to execute arbitrary...
Sep 3, 2024Seacms v13 contains a cross-site scripting vulnerability in admin-video.php that allows attackers to inject malicious scripts into web pages viewed by...
Aug 30, 2024This vulnerability in Seacms v13.1 allows attackers to inject malicious IP parameters through the admin_ip.php file, which are then written to a confi...
Aug 30, 2024This is a cross-site scripting (XSS) vulnerability in SeaCMS v12.9's admin_ads.php component that allows attackers to inject malicious scripts into ad...
Aug 29, 2024SeaCMS 13.0 contains a remote code execution vulnerability in admin_files.php where authenticated attackers can bypass file editing restrictions to wr...
Aug 22, 2024SeaCMS 13.0 has an authenticated remote code execution vulnerability in admin_editplayer.php where attackers can bypass file restrictions to write and...
Aug 20, 2024This CSRF vulnerability in SeaCMS 13.0 allows attackers to trick authenticated users into changing their passwords without their consent by manipulati...
Jul 28, 2024SeaCMS 12.9 contains a remote code execution vulnerability in phomebak.php where unfiltered variable names are written into PHP files. Authenticated a...
Jul 12, 2024SeaCMS 12.9 contains a remote code execution vulnerability in admin_weixin.php where unvalidated user input is directly written to weixin.php. Authent...
Jul 12, 2024SeaCMS 12.9 has a remote code execution vulnerability in admin_config_mark.php that allows authenticated attackers to inject arbitrary code into inc_p...
Jul 12, 2024This vulnerability in SeaCMS allows remote attackers to execute arbitrary code via the admin_ping.php file. It affects SeaCMS versions up to and inclu...
Jul 5, 2024SeaCMS version 12.9 contains a vulnerability in admin/notify.php that allows remote attackers to execute arbitrary code. This is a code injection vuln...
Apr 4, 2024This critical SQL injection vulnerability in SeaCMS version 12.9 allows unauthenticated attackers to execute arbitrary SQL commands via the id paramet...
Mar 22, 2024SeaCMS v12.9 contains a remote code execution vulnerability in the /augap/adminip.php component that allows attackers to execute arbitrary code on aff...
Dec 28, 2023This vulnerability in SeaCMS v12.9 allows remote attackers to execute arbitrary commands through the admin_safe.php component. This is a critical remo...
Oct 25, 2023This vulnerability in SeaCMS v12.8 allows attackers to execute arbitrary code through the admin_Weixin.php component. It affects all systems running t...
Oct 10, 2023SeaCMS V12.9 contains an arbitrary file write vulnerability in admin_notify.php that allows attackers to write malicious files to the server. This aff...
Sep 27, 2023SeaCMS V12.9 contains an arbitrary file write vulnerability in admin_smtp.php that allows attackers to write malicious files to the server. This affec...
Sep 27, 2023SeaCMS V12.9 contains an arbitrary file write vulnerability in admin_ip.php that allows attackers to write malicious files to the server. This affects...
Sep 27, 2023This CSRF vulnerability in Seacms allows attackers to create unauthorized admin accounts by tricking authenticated administrators into visiting malici...
Sep 25, 2023CVE-2022-27336 is a remote code execution vulnerability in Seacms v11.6 that allows attackers to execute arbitrary code via the /admin/weixin.php comp...
Apr 27, 2022CVE-2022-23878 is an arbitrary code execution vulnerability in SeaCMS V11.5's admin_config.php file that allows attackers to execute arbitrary PHP cod...
Mar 2, 2022Why Monitor Seacms Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 51+ known vulnerabilities affecting Seacms products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Seacms packages in under 60 seconds. No agents required - completely agentless scanning that works across Seacms deployments.
Free vulnerability database: Access detailed information about every Seacms CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Seacms CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
