Vulnerabilities > Seacms > Seacms > 11.0

DATE CVE VULNERABILITY TITLE RISK
2025-02-24 CVE-2025-25513 SQL Injection vulnerability in Seacms
Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.
network
low complexity
seacms CWE-89
critical
 9.8
9.8
2024-07-05 CVE-2024-39028 Unspecified vulnerability in Seacms
An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php.
network
low complexity
seacms
critical
 9.8
9.8
2023-10-25 CVE-2023-46010 Unspecified vulnerability in Seacms
An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.
network
low complexity
seacms
critical
 9.8
9.8
2023-10-10 CVE-2023-44846 Unspecified vulnerability in Seacms
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component.
network
low complexity
seacms
8.8
8.8
2023-10-10 CVE-2023-44847 Unspecified vulnerability in Seacms
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component.
network
low complexity
seacms
7.2
7.2
2023-10-10 CVE-2023-44848 Unspecified vulnerability in Seacms
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component.
network
low complexity
seacms
8.1
8.1
2023-09-27 CVE-2023-43222 Unspecified vulnerability in Seacms
SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file.
network
low complexity
seacms
critical
 9.8
9.8
2023-09-25 CVE-2023-43278 Cross-Site Request Forgery (CSRF) vulnerability in Seacms
A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.
network
low complexity
seacms CWE-352
8.8
8.8
2022-11-16 CVE-2022-43256 SQL Injection vulnerability in Seacms
SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php.
network
low complexity
seacms CWE-89
critical
 9.8
9.8
2021-05-28 CVE-2020-26642 Cross-site Scripting vulnerability in Seacms 11.0
A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML.
network
low complexity
seacms CWE-79
6.1
6.1