Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Seacms
(Seacms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 64 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-27 | CVE-2023-43216 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php. | Seacms | 9.8 | ||
| 2023-09-27 | CVE-2023-43222 | SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. | Seacms | 9.8 | ||
| 2023-09-27 | CVE-2023-44169 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php. | Seacms | 9.8 | ||
| 2023-09-27 | CVE-2023-44170 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php. | Seacms | 9.8 | ||
| 2023-09-27 | CVE-2023-44171 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php. | Seacms | 9.8 | ||
| 2023-09-27 | CVE-2023-44172 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php. | Seacms | 9.8 | ||
| 2023-10-10 | CVE-2023-44846 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component. | Seacms | 8.8 | ||
| 2023-10-10 | CVE-2023-44847 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component. | Seacms | 7.2 | ||
| 2024-07-28 | CVE-2024-7161 | A vulnerability classified as problematic was found in SeaCMS 13.0. Affected by this vulnerability is an unknown functionality of the file /member.php?action=chgpwdsubmit of the component Password Change Handler. The manipulation of the argument newpwd/newpwd2 leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272575. | Seacms | 6.5 | ||
| 2024-07-28 | CVE-2024-7162 | A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9/13.0. Affected by this issue is some unknown functionality of the file js/player/dmplayer/admin/post.php?act=setting. The manipulation of the argument yzm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272576. | Seacms | 5.4 |