Vulnerabilities > Seacms > Seacms > 6.64

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-46010 Unspecified vulnerability in Seacms
An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.
network
low complexity
seacms
critical
 9.8
9.8
2023-09-25 CVE-2023-43278 Cross-Site Request Forgery (CSRF) vulnerability in Seacms
A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.
network
low complexity
seacms CWE-352
8.8
8.8
2022-11-16 CVE-2022-43256 SQL Injection vulnerability in Seacms
SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php.
network
low complexity
seacms CWE-89
critical
 9.8
9.8
2018-11-17 CVE-2018-19350 Cross-site Scripting vulnerability in Seacms 6.64
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
network
seacms CWE-79
3.5
3.5
2018-11-17 CVE-2018-19349 SQL Injection vulnerability in Seacms 6.64
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.
network
low complexity
seacms CWE-89
6.5
6.5
2018-09-26 CVE-2018-17365 Path Traversal vulnerability in Seacms 6.64/7.2
SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter.
network
low complexity
seacms CWE-22
6.4
6.4
2018-09-22 CVE-2018-17321 Cross-site Scripting vulnerability in Seacms 6.64
An issue was discovered in SeaCMS 6.64.
network
seacms CWE-79
4.3
4.3
2018-09-21 CVE-2018-16822 SQL Injection vulnerability in Seacms 6.64
SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.
network
low complexity
seacms CWE-89
7.5
7.5
2018-09-21 CVE-2018-16821 Unrestricted Upload of File with Dangerous Type vulnerability in Seacms 6.64
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.
network
low complexity
seacms CWE-434
5.0
5.0
2018-09-16 CVE-2018-17062 Cross-site Scripting vulnerability in Seacms 6.64
An issue was discovered in SeaCMS 6.64.
network
seacms CWE-79
4.3
4.3