Vulnerabilities > Seacms

DATE CVE VULNERABILITY TITLE RISK
2018-09-22 CVE-2018-17321 Cross-site Scripting vulnerability in Seacms 6.64
An issue was discovered in SeaCMS 6.64.
network
seacms CWE-79
4.3
2018-09-21 CVE-2018-16822 SQL Injection vulnerability in Seacms 6.64
SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.
network
low complexity
seacms CWE-89
7.5
2018-09-21 CVE-2018-16821 Unrestricted Upload of File with Dangerous Type vulnerability in Seacms 6.64
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.
network
low complexity
seacms CWE-434
5.0
2018-09-16 CVE-2018-17062 Cross-site Scripting vulnerability in Seacms 6.64
An issue was discovered in SeaCMS 6.64.
network
seacms CWE-79
4.3
2018-09-04 CVE-2018-16445 SQL Injection vulnerability in Seacms
An issue was discovered in SeaCMS through 6.61.
network
low complexity
seacms CWE-89
7.5
2018-09-04 CVE-2018-16444 Server-Side Request Forgery (SSRF) vulnerability in Seacms 6.61
An issue was discovered in SeaCMS 6.61.
network
low complexity
seacms CWE-918
6.4
2018-09-02 CVE-2018-16348 Cross-site Scripting vulnerability in Seacms 6.61
SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name.
network
seacms CWE-79
3.5
2018-09-02 CVE-2018-16343 Code Injection vulnerability in Seacms 6.61
SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS.
network
low complexity
seacms CWE-94
6.5
2018-08-03 CVE-2018-14910 Cross-Site Request Forgery (CSRF) vulnerability in Seacms 6.61
SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php).
network
seacms CWE-352
6.8
2018-07-23 CVE-2018-14517 Cross-site Scripting vulnerability in Seacms 6.61
SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields.
network
seacms CWE-79
4.3