Vulnerabilities > Seacms

DATE CVE VULNERABILITY TITLE RISK
2025-05-05 CVE-2025-44071 Code Injection vulnerability in Seacms 13.3
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php.
network
low complexity
seacms CWE-94
critical
 9.8
9.8
2025-05-05 CVE-2025-44072 SQL Injection vulnerability in Seacms 13.3
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php.
network
low complexity
seacms CWE-89
critical
 9.8
9.8
2025-05-05 CVE-2025-44074 SQL Injection vulnerability in Seacms 13.3
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php.
network
low complexity
seacms CWE-89
critical
 9.8
9.8
2025-02-24 CVE-2025-25513 SQL Injection vulnerability in Seacms
Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.
network
low complexity
seacms CWE-89
critical
 9.8
9.8
2024-09-03 CVE-2024-44920 Cross-site Scripting vulnerability in Seacms 12.9
A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter.
network
low complexity
seacms CWE-79
6.1
6.1
2024-09-03 CVE-2024-44921 SQL Injection vulnerability in Seacms 12.9
SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del.
network
low complexity
seacms CWE-89
critical
 9.8
9.8
2024-08-30 CVE-2024-44683 Cross-site Scripting vulnerability in Seacms 13.0
Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php.
network
low complexity
seacms CWE-79
6.1
6.1
2024-08-29 CVE-2024-44919 Cross-site Scripting vulnerability in Seacms 12.9
A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad description parameter.
network
low complexity
seacms CWE-79
5.4
5.4
2024-08-26 CVE-2024-41444 SQL Injection vulnerability in Seacms 12.9
SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so.
network
low complexity
seacms CWE-89
critical
 9.8
9.8
2024-07-28 CVE-2024-7163 Unspecified vulnerability in Seacms 12.9
A vulnerability, which was classified as problematic, was found in SeaCMS 12.9.
network
low complexity
seacms
6.1
6.1