Vulnerabilities > Seacms

DATE	CVE	VULNERABILITY TITLE	RISK
2022-12-15	CVE-2021-39426	Code Injection vulnerability in Seacms 11.4 An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the notify1 parameter when the action parameter equals set. network low complexity seacms CWE-94 critical	9.8
2022-11-16	CVE-2022-43256	SQL Injection vulnerability in Seacms SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php. network low complexity seacms CWE-89 critical	9.8
2022-05-04	CVE-2022-28076	Unspecified vulnerability in Seacms 11.6 Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings. network low complexity seacms	7.2
2022-04-27	CVE-2022-27336	Unspecified vulnerability in Seacms 11.6 Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php. network low complexity seacms critical	9.8
2022-03-02	CVE-2022-23878	Unspecified vulnerability in Seacms 11.5 seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php. network low complexity seacms critical	9.8
2021-08-18	CVE-2021-37358	SQL Injection vulnerability in Seacms 20210530 SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "admin_ajax.php?action=checkrepeat&v_name=". network low complexity seacms CWE-89 critical	9.8
2021-08-17	CVE-2021-29313	Cross-site Scripting vulnerability in Seacms 12.6 Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php, network low complexity seacms CWE-79	6.1
2021-08-17	CVE-2020-28846	Cross-Site Request Forgery (CSRF) vulnerability in Seacms 10.7 Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account. network low complexity seacms CWE-352	6.5
2021-05-28	CVE-2020-26642	Cross-site Scripting vulnerability in Seacms 11.0 A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML. network low complexity seacms CWE-79	6.1
2020-12-21	CVE-2020-21378	SQL Injection vulnerability in Seacms 10.1 SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php. network low complexity seacms CWE-89 critical	9.8

Vulnerabilities > Seacms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Seacms"}]}

Vulnerabilities > Seacms