) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:seacms:seacms:6.64:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-46010 |
An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. Published: October 25, 2023; 2:17:35 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2023-44848 |
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component. Published: October 09, 2023; 9:15:10 PM -0400 |
V3.1: 8.1 HIGH V2.0:(not available) |
| CVE-2023-44847 |
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component. Published: October 09, 2023; 9:15:10 PM -0400 |
V3.1: 7.2 HIGH V2.0:(not available) |
| CVE-2023-44846 |
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component. Published: October 09, 2023; 9:15:10 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2023-43222 |
SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. Published: September 27, 2023; 11:19:33 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2023-43278 |
A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account. Published: September 25, 2023; 7:15:10 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2022-43256 |
SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php. Published: November 16, 2022; 10:15:16 AM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2018-19350 |
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element. Published: November 17, 2018; 5:29:00 PM -0500 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2018-19349 |
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php. Published: November 17, 2018; 5:29:00 PM -0500 |
V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
| CVE-2018-17365 |
SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter. Published: September 26, 2018; 5:29:02 PM -0400 |
V3.1: 7.5 HIGH V2.0: 6.4 MEDIUM |
| CVE-2018-17321 |
An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action. Published: September 21, 2018; 10:29:00 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-16822 |
SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter. Published: September 21, 2018; 1:29:06 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-16821 |
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests. Published: September 21, 2018; 1:29:05 PM -0400 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2018-17062 |
An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter. Published: September 16, 2018; 1:29:00 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |