CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40520
https://notcve.org/view.php?id=CVE-2024-40520
12 Jul 2024 — SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. SeaCMS 12.9 tiene una vulnerabilidad de ejecución remota de código. La vulnerabilidad se debe a que admin_config_mark.php empalma y escribe directamente los datos de ent... • https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_config_mark.php%20code%20injection.md • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40521
https://notcve.org/view.php?id=CVE-2024-40521
12 Jul 2024 — SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. SeaCMS 12.9 tiene una vulnerabilidad de ejecución remota de código. La vulnerabilidad se debe al hecho de que, aunque admin_template.php impone ci... • https://gitee.com/fushuling/cve/blob/master/%20SeaCMS%2012.9%20admin_template.php%20%20code%20injection.md •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40522
https://notcve.org/view.php?id=CVE-2024-40522
12 Jul 2024 — There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions. Existe una vulnerabilidad de ejecución remota de código en SeaCMS 12.9. La vulnerabilidad se debe a que phomebak.php escribe algunos nombres de variables pasados sin filtrarlos antes de e... • https://gitee.com/fushuling/cve/blob/master/%20SeaCMS%2012.9%20phomebak.php%20code%20injection.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40519
https://notcve.org/view.php?id=CVE-2024-40519
12 Jul 2024 — SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. SeaCMS 12.9 tiene una vulnerabilidad de ejecución remota de código. La vulnerabilidad se debe a que admin_smtp.php empalma y escribe directamente los datos de entrada del usuario en weixin.php si... • https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_smtp.php%20code%20injection.md •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40518
https://notcve.org/view.php?id=CVE-2024-40518
12 Jul 2024 — SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. SeaCMS 12.9 tiene una vulnerabilidad de ejecución remota de código. La vulnerabilidad es causada porque admin_weixin.php empalma y escribe directamente los datos de entrada del usuario en weixi... • https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_weixin.php%20code%20injection.md • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-39028
https://notcve.org/view.php?id=CVE-2024-39028
05 Jul 2024 — An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php. Se descubrió un problema en SeaCMS <=12.9 que permite a atacantes remotos ejecutar código arbitrario a través de admin_ping.php. • https://github.com/pysnow1/vul_discovery/blob/main/SeaCMS/SeaCMS%20v12.9%20admin_ping.php%20RCE.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-39027
https://notcve.org/view.php?id=CVE-2024-39027
05 Jul 2024 — SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the SQL injection through the cid parameter at /js/player/dmplayer/dmku/index.php?ac=edit, which can cause sensitive database information to be leaked. SeaCMS v12.9 tiene una vulnerabilidad de inyección SQL no autorizada. La vulnerabilidad es causada por la inyección SQL a través del parámetro cid en /js/player/dmplayer/dmku/index.php? • https://github.com/seacms-net/CMS/issues/17 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-31611
https://notcve.org/view.php?id=CVE-2024-31611
10 Jun 2024 — SeaCMS 12.9 has a file deletion vulnerability via admin_template.php. SeaCMS 12.9 tiene una vulnerabilidad de eliminación de archivos a través de admin_template.php. • https://github.com/ss122-0ss/seacms/blob/main/readme.md • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50470
https://notcve.org/view.php?id=CVE-2023-50470
28 Dec 2023 — A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Una vulnerabilidad de cross-site scripting (XSS) en el componente admin_Video.php de SeaCMS v12.8 permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado. • http://seacms.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46987
https://notcve.org/view.php?id=CVE-2023-46987
28 Dec 2023 — SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php. Se descubrió que SeaCMS v12.9 contiene una vulnerabilidad de ejecución remota de código (RCE) a través del componente /augap/adminip.php. • http://seacms.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •