Filtered by vendor Seacms
Subscriptions
Filtered by product Seacms
Subscriptions
Total
68 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-13445 | 1 Seacms | 1 Seacms | 2024-09-16 | N/A |
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?action=add. | ||||
CVE-2018-17321 | 1 Seacms | 1 Seacms | 2024-09-16 | N/A |
An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action. | ||||
CVE-2018-13444 | 1 Seacms | 1 Seacms | 2024-09-16 | N/A |
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/admin_manager.php?action=save&id=2. | ||||
CVE-2018-11583 | 1 Seacms | 1 Seacms | 2024-09-16 | N/A |
SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter. | ||||
CVE-2023-46010 | 1 Seacms | 1 Seacms | 2024-09-11 | 9.8 Critical |
An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. | ||||
CVE-2024-7163 | 1 Seacms | 1 Seacms | 2024-09-10 | 3.5 Low |
A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. This affects an unknown part of the file /js/player/dmplayer/player/index.php. The manipulation of the argument color/vid/url leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272577 was assigned to this vulnerability. | ||||
CVE-2024-44721 | 1 Seacms | 1 Seacms | 2024-09-09 | 9.8 Critical |
SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php. | ||||
CVE-2024-44720 | 1 Seacms | 1 Seacms | 2024-09-09 | 7.5 High |
SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component admin_safe.php. | ||||
CVE-2024-44919 | 1 Seacms | 1 Seacms | 2024-09-06 | 5.4 Medium |
A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad description parameter. | ||||
CVE-2024-41444 | 1 Seacms | 1 Seacms | 2024-09-05 | 9.8 Critical |
SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so. | ||||
CVE-2024-44683 | 1 Seacms | 1 Seacms | 2024-09-04 | 6.1 Medium |
Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php. | ||||
CVE-2024-44921 | 1 Seacms | 1 Seacms | 2024-09-04 | 9.8 Critical |
SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del. | ||||
CVE-2024-44920 | 1 Seacms | 1 Seacms | 2024-09-04 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter. | ||||
CVE-2024-44916 | 1 Seacms | 1 Seacms | 2024-09-03 | 7.2 High |
Vulnerability in admin_ip.php in Seacms v13.1, when action=set, allows attackers to control IP parameters that are written to the data/admin/ip.php file and could result in arbitrary command execution. | ||||
CVE-2024-44918 | 1 Seacms | 1 Seacms | 2024-09-03 | 3.5 Low |
A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
CVE-2024-42599 | 1 Seacms | 1 Seacms | 2024-08-26 | 8.8 High |
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. | ||||
CVE-2024-42598 | 1 Seacms | 1 Seacms | 2024-08-22 | 6.7 Medium |
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. | ||||
CVE-2024-39036 | 1 Seacms | 1 Seacms | 2024-08-21 | 6.5 Medium |
SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php. | ||||
CVE-2018-19350 | 1 Seacms | 1 Seacms | 2024-08-05 | N/A |
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element. | ||||
CVE-2018-19349 | 1 Seacms | 1 Seacms | 2024-08-05 | N/A |
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php. |