Vulnerabilities > Seacms > Seacms > 6.64
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-25 | CVE-2023-46010 | Unspecified vulnerability in Seacms An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. | 9.8 |
2023-09-25 | CVE-2023-43278 | Cross-Site Request Forgery (CSRF) vulnerability in Seacms A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account. | 8.8 |
2022-11-16 | CVE-2022-43256 | SQL Injection vulnerability in Seacms SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php. | 9.8 |
2018-11-17 | CVE-2018-19350 | Cross-site Scripting vulnerability in Seacms 6.64 In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element. | 3.5 |
2018-11-17 | CVE-2018-19349 | SQL Injection vulnerability in Seacms 6.64 In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php. | 6.5 |
2018-09-26 | CVE-2018-17365 | Path Traversal vulnerability in Seacms 6.64/7.2 SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter. | 6.4 |
2018-09-22 | CVE-2018-17321 | Cross-site Scripting vulnerability in Seacms 6.64 An issue was discovered in SeaCMS 6.64. | 4.3 |
2018-09-21 | CVE-2018-16822 | SQL Injection vulnerability in Seacms 6.64 SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter. | 7.5 |
2018-09-21 | CVE-2018-16821 | Unrestricted Upload of File with Dangerous Type vulnerability in Seacms 6.64 SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests. | 5.0 |
2018-09-16 | CVE-2018-17062 | Cross-site Scripting vulnerability in Seacms 6.64 An issue was discovered in SeaCMS 6.64. | 4.3 |