Filtered by vendor Seacms
Subscriptions
Filtered by product Seacms
Subscriptions
Total
70 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-44847 | 1 Seacms | 1 Seacms | 2024-09-19 | 7.2 High |
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component. | ||||
CVE-2023-44846 | 1 Seacms | 1 Seacms | 2024-09-19 | 8.8 High |
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component. | ||||
CVE-2024-7162 | 1 Seacms | 1 Seacms | 2024-09-19 | 3.5 Low |
A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9/13.0. Affected by this issue is some unknown functionality of the file js/player/dmplayer/admin/post.php?act=setting. The manipulation of the argument yzm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272576. | ||||
CVE-2024-7161 | 1 Seacms | 1 Seacms | 2024-09-19 | 4.3 Medium |
A vulnerability classified as problematic was found in SeaCMS 13.0. Affected by this vulnerability is an unknown functionality of the file /member.php?action=chgpwdsubmit of the component Password Change Handler. The manipulation of the argument newpwd/newpwd2 leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272575. | ||||
CVE-2023-44848 | 1 Seacms | 1 Seacms | 2024-09-19 | 8.1 High |
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component. | ||||
CVE-2018-13445 | 1 Seacms | 1 Seacms | 2024-09-16 | N/A |
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?action=add. | ||||
CVE-2018-17321 | 1 Seacms | 1 Seacms | 2024-09-16 | N/A |
An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action. | ||||
CVE-2018-13444 | 1 Seacms | 1 Seacms | 2024-09-16 | N/A |
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/admin_manager.php?action=save&id=2. | ||||
CVE-2018-11583 | 1 Seacms | 1 Seacms | 2024-09-16 | N/A |
SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter. | ||||
CVE-2023-46010 | 1 Seacms | 1 Seacms | 2024-09-11 | 9.8 Critical |
An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. | ||||
CVE-2024-7163 | 1 Seacms | 1 Seacms | 2024-09-10 | 3.5 Low |
A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. This affects an unknown part of the file /js/player/dmplayer/player/index.php. The manipulation of the argument color/vid/url leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272577 was assigned to this vulnerability. | ||||
CVE-2024-44721 | 1 Seacms | 1 Seacms | 2024-09-09 | 9.8 Critical |
SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php. | ||||
CVE-2024-44720 | 1 Seacms | 1 Seacms | 2024-09-09 | 7.5 High |
SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component admin_safe.php. | ||||
CVE-2024-44919 | 1 Seacms | 1 Seacms | 2024-09-06 | 5.4 Medium |
A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad description parameter. | ||||
CVE-2024-41444 | 1 Seacms | 1 Seacms | 2024-09-05 | 9.8 Critical |
SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so. | ||||
CVE-2024-44683 | 1 Seacms | 1 Seacms | 2024-09-04 | 6.1 Medium |
Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php. | ||||
CVE-2024-44921 | 1 Seacms | 1 Seacms | 2024-09-04 | 9.8 Critical |
SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del. | ||||
CVE-2024-44920 | 1 Seacms | 1 Seacms | 2024-09-04 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter. | ||||
CVE-2024-44918 | 1 Seacms | 1 Seacms | 2024-09-03 | 3.5 Low |
A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
CVE-2024-44916 | 1 Seacms | 1 Seacms | 2024-09-03 | 7.2 High |
Vulnerability in admin_ip.php in Seacms v13.1, when action=set, allows attackers to control IP parameters that are written to the data/admin/ip.php file and could result in arbitrary command execution. |