Product:

Seacms

(Seacms)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 64
Date Id Summary Products Score Patch Annotated
2020-12-21 CVE-2020-21378 SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php. Seacms 9.8
2021-05-28 CVE-2020-26642 A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML. Seacms 6.1
2021-08-17 CVE-2020-28846 Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account. Seacms 6.5
2021-08-17 CVE-2021-29313 Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php, Seacms 6.1
2021-08-18 CVE-2021-37358 SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "admin_ajax.php?action=checkrepeat&v_name=". Seacms 9.8
2022-03-02 CVE-2022-23878 seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php. Seacms 9.8
2022-04-27 CVE-2022-27336 Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php. Seacms 9.8
2022-05-04 CVE-2022-28076 Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings. Seacms 7.2
2022-11-16 CVE-2022-43256 SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php. Seacms 9.8
2022-12-15 CVE-2021-39426 An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 parameter when the action parameter equals set. Seacms 9.8