Vulnerabilities > Seacms

DATE CVE VULNERABILITY TITLE RISK
2022-05-04 CVE-2022-28076 Unspecified vulnerability in Seacms 11.6
Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings.
network
low complexity
seacms
6.5
2022-04-27 CVE-2022-27336 Injection vulnerability in Seacms 11.6
Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php.
network
low complexity
seacms CWE-74
7.5
2022-03-02 CVE-2022-23878 Unspecified vulnerability in Seacms 11.5
seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php.
network
low complexity
seacms
7.5
2021-08-18 CVE-2021-37358 SQL Injection vulnerability in Seacms 20210530
SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "admin_ajax.php?action=checkrepeat&v_name=".
network
low complexity
seacms CWE-89
7.5
2021-08-17 CVE-2021-29313 Cross-site Scripting vulnerability in Seacms 12.6
Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php,
network
seacms CWE-79
4.3
2021-08-17 CVE-2020-28846 Cross-Site Request Forgery (CSRF) vulnerability in Seacms 10.7
Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account.
network
seacms CWE-352
4.3
2021-05-28 CVE-2020-26642 Cross-site Scripting vulnerability in Seacms 11.0
A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML.
network
seacms CWE-79
4.3
2020-12-21 CVE-2020-21378 SQL Injection vulnerability in Seacms 10.1
SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php.
network
low complexity
seacms CWE-89
7.5
2019-02-17 CVE-2019-8418 Unspecified vulnerability in Seacms 7.2
SeaCMS 7.2 mishandles member.php?mod=repsw4 requests.
network
low complexity
seacms
4.0
2018-11-17 CVE-2018-19350 Cross-site Scripting vulnerability in Seacms 6.64
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
network
seacms CWE-79
3.5