CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42599
https://notcve.org/view.php?id=CVE-2024-42599
22 Aug 2024 — SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. • https://gitee.com/fushuling/cve/blob/master/CVE-2024-42599.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42598
https://notcve.org/view.php?id=CVE-2024-42598
20 Aug 2024 — SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. • https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_editplayer.php%20code%20injection.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7163 – SeaCMS index.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-7163
28 Jul 2024 — A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. This affects an unknown part of the file /js/player/dmplayer/player/index.php. The manipulation of the argument color/vid/url leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/HuaQiPro/seacms/issues/28 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7162 – SeaCMS cross site scripting
https://notcve.org/view.php?id=CVE-2024-7162
28 Jul 2024 — A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9/13.0. Affected by this issue is some unknown functionality of the file js/player/dmplayer/admin/post.php?act=setting. The manipulation of the argument yzm leads to cross site scripting. The attack may be launched remotely. • https://github.com/HuaQiPro/seacms/issues/29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7161 – SeaCMS Password Change cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-7161
28 Jul 2024 — A vulnerability classified as problematic was found in SeaCMS 13.0. Affected by this vulnerability is an unknown functionality of the file /member.php?action=chgpwdsubmit of the component Password Change Handler. The manipulation of the argument newpwd/newpwd2 leads to cross-site request forgery. The attack can be launched remotely. • https://github.com/HuaQiPro/seacms/issues/30 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39036
https://notcve.org/view.php?id=CVE-2024-39036
16 Jul 2024 — SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php. SeaCMS v12.9 es vulnerable a la lectura arbitraria de archivos a través de admin_safe.php. • https://github.com/seacms-net/CMS/issues/18 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40520
https://notcve.org/view.php?id=CVE-2024-40520
12 Jul 2024 — SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. SeaCMS 12.9 tiene una vulnerabilidad de ejecución remota de código. La vulnerabilidad se debe a que admin_config_mark.php empalma y escribe directamente los datos de ent... • https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_config_mark.php%20code%20injection.md • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40521
https://notcve.org/view.php?id=CVE-2024-40521
12 Jul 2024 — SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. SeaCMS 12.9 tiene una vulnerabilidad de ejecución remota de código. La vulnerabilidad se debe al hecho de que, aunque admin_template.php impone ci... • https://gitee.com/fushuling/cve/blob/master/%20SeaCMS%2012.9%20admin_template.php%20%20code%20injection.md •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40522
https://notcve.org/view.php?id=CVE-2024-40522
12 Jul 2024 — There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions. Existe una vulnerabilidad de ejecución remota de código en SeaCMS 12.9. La vulnerabilidad se debe a que phomebak.php escribe algunos nombres de variables pasados sin filtrarlos antes de e... • https://gitee.com/fushuling/cve/blob/master/%20SeaCMS%2012.9%20phomebak.php%20code%20injection.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40519
https://notcve.org/view.php?id=CVE-2024-40519
12 Jul 2024 — SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. SeaCMS 12.9 tiene una vulnerabilidad de ejecución remota de código. La vulnerabilidad se debe a que admin_smtp.php empalma y escribe directamente los datos de entrada del usuario en weixin.php si... • https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_smtp.php%20code%20injection.md •