Total
114 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-15003 | 1 Seacms | 1 Seacms | 2026-02-24 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file admin_video.php. Performing a manipulation of the argument e_id results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2020-36932 | 1 Seacms | 1 Seacms | 2026-02-02 | N/A | 6.1 MEDIUM |
|
SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded.
|
|||||
| CVE-2025-15002 | 1 Seacms | 1 Seacms | 2025-12-30 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-11071 | 1 Seacms | 1 Seacms | 2025-10-10 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A security vulnerability has been detected in SeaCMS 13.3.20250820. Impacted is an unknown function of the file /admin_cron.php of the component Cron Task Management Module. The manipulation of the argument resourcefrom/collectID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-60449 | 1 Seacms | 1 Seacms | 2025-10-08 | N/A | 4.9 MEDIUM |
|
An information disclosure vulnerability has been discovered in SeaCMS 13.1. The vulnerability exists in the admin_safe.php component located in the /btcoan/ directory. This security flaw allows authenticated administrators to scan and download not only the application’s source code but also potentially any file accessible on the server’s root directory.
|
|||||
| CVE-2025-4257 | 1 Seacms | 1 Seacms | 2025-10-06 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2. This issue affects some unknown processing of the file /admin_pay.php. The manipulation of the argument cstatus leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-10662 | 1 Seacms | 1 Seacms | 2025-09-19 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability has been found in SeaCMS up to 13.3. The impacted element is an unknown function of the file /admin_members.php?ac=editsave. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This affects another injection point than CVE-2025-25513.
|
|||||
| CVE-2025-50592 | 1 Seacms | 1 Seacms | 2025-08-15 | N/A | 5.4 MEDIUM |
|
Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/dmplayer/player.
|
|||||
| CVE-2025-3792 | 1 Seacms | 1 Seacms | 2025-07-15 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in SeaCMS up to 13.3. This issue affects some unknown processing of the file /admin_link.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-3797 | 1 Seacms | 1 Seacms | 2025-07-15 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability classified as critical was found in SeaCMS up to 13.3. This vulnerability affects unknown code of the file /admin_topic.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6864 | 1 Seacms | 1 Seacms | 2025-07-01 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admin_type.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-40570 | 1 Seacms | 1 Seacms | 2025-06-23 | N/A | 6.5 MEDIUM |
|
SQL Injection vulnerability in SeaCMS v.12.9 allows a remote attacker to obtain sensitive information via the admin_datarelate.php component.
|
|||||
| CVE-2025-4256 | 1 Seacms | 1 Seacms | 2025-06-12 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-44073 | 1 Seacms | 1 Seacms | 2025-06-12 | N/A | 9.8 CRITICAL |
|
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php.
|
|||||
| CVE-2025-44074 | 1 Seacms | 1 Seacms | 2025-05-13 | N/A | 9.8 CRITICAL |
|
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php.
|
|||||
| CVE-2025-44072 | 1 Seacms | 1 Seacms | 2025-05-13 | N/A | 9.8 CRITICAL |
|
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php.
|
|||||
| CVE-2025-44071 | 1 Seacms | 1 Seacms | 2025-05-13 | N/A | 9.8 CRITICAL |
|
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerability allows attackers to execute arbitrary code via a crafted request.
|
|||||
| CVE-2022-43256 | 1 Seacms | 1 Seacms | 2025-04-30 | N/A | 9.8 CRITICAL |
|
SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php.
|
|||||
| CVE-2021-39426 | 1 Seacms | 1 Seacms | 2025-04-21 | N/A | 9.8 CRITICAL |
|
An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 parameter when the action parameter equals set.
|
|||||
| CVE-2025-29647 | 1 Seacms | 1 Seacms | 2025-04-08 | N/A | 9.8 CRITICAL |
|
SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php.
|
|||||
| CVE-2024-6416 | 1 Seacms | 1 Seacms | 2025-04-05 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in SeaCMS 12.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /js/player/dmplayer/dmku/?ac=edit. The manipulation of the argument cid with the input (select(0)from(select(sleep(10)))v) leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270007.
|
|||||
| CVE-2024-42599 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 8.8 HIGH |
|
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.
|
|||||
| CVE-2024-44916 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 7.2 HIGH |
|
Vulnerability in admin_ip.php in Seacms v13.1, when action=set, allows attackers to control IP parameters that are written to the data/admin/ip.php file and could result in arbitrary command execution.
|
|||||
| CVE-2024-44918 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 3.5 LOW |
|
A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
|||||
| CVE-2024-44720 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 7.5 HIGH |
|
SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component admin_safe.php.
|
|||||
| CVE-2024-44721 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 9.8 CRITICAL |
|
SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php.
|
|||||
| CVE-2024-46640 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 9.8 CRITICAL |
|
SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although the system has a check function, the check function is not executed during execution, allowing remote code execution by writing to the file through the MySQL slow query method.
|
|||||
| CVE-2024-50808 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 8.8 HIGH |
|
SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the "notify" variable in admin_notify.php.
|
|||||
| CVE-2024-54879 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 9.1 CRITICAL |
|
SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.
|
|||||
| CVE-2024-54880 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 9.1 CRITICAL |
|
SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to register accounts in bulk.
|
|||||
| CVE-2025-25514 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 6.5 MEDIUM |
|
Seacms <=13.3 is vulnerable to SQL Injection in admin_collect_news.php.
|
|||||
| CVE-2025-25515 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 8.8 HIGH |
|
Seacms <=13.3 is vulnerable to SQL Injection in admin_collect.php that allows an authenticated attacker to exploit the database.
|
|||||
| CVE-2025-25516 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 9.8 CRITICAL |
|
Seacms <=13.3 is vulnerable to SQL Injection in admin_paylog.php.
|
|||||
| CVE-2025-25517 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 9.8 CRITICAL |
|
Seacms <=13.3 is vulnerable to SQL Injection in admin_reslib.php.
|
|||||
| CVE-2025-25519 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 9.8 CRITICAL |
|
Seacms <=13.3 is vulnerable to SQL Injection in admin_zyk.php.
|
|||||
| CVE-2025-25520 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 9.8 CRITICAL |
|
Seacms <13.3 is vulnerable to SQL Injection in admin_pay.php.
|
|||||
| CVE-2025-25521 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 9.8 CRITICAL |
|
Seacms <=13.3 is vulnerable to SQL Injection in admin_type_news.php.
|
|||||
| CVE-2025-25792 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 4.4 MEDIUM |
|
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php.
|
|||||
| CVE-2025-25793 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
|
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php.
|
|||||
| CVE-2025-25794 | 1 Seacms | 1 Seacms | 2025-03-28 | N/A | 5.1 MEDIUM |
|
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php.
|
|||||