CVE-2023-0960 – SeaCMS Picture Management config.ftp.php deserialization
https://notcve.org/view.php?id=CVE-2023-0960
22 Feb 2023 — A vulnerability was found in SeaCMS 11.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/config.ftp.php of the component Picture Management. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jidle123/Seacms-v11.6/issues/1 • CWE-502: Deserialization of Untrusted Data
CVE-2021-39426
https://notcve.org/view.php?id=CVE-2021-39426
15 Dec 2022 — An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 that allows attackers to execute arbitrary PHP code via the notify1 parameter when the action parameter equals set. • https://github.com/seacms-com/seacms/issues/21 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2022-43256
https://notcve.org/view.php?id=CVE-2022-43256
16 Nov 2022 — SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php. • https://github.com/seacms-com/seacms/issues/23 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-28076
https://notcve.org/view.php?id=CVE-2022-28076
04 May 2022 — Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings. • https://github.com/likCodinG/seacms_vul/issues/1
CVE-2022-27336
https://notcve.org/view.php?id=CVE-2022-27336
27 Apr 2022 — Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php. • http://note.youdao.com/noteshare?id=1f5c9012a358f0c4575e1ca57a55fe5e&sub=6C2906C73BB0477FB9DE8601D5495C0A
CVE-2022-23878
https://notcve.org/view.php?id=CVE-2022-23878
02 Mar 2022 — seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php. • https://blog.csdn.net/miuzzx/article/details/122249953
CVE-2020-28846
https://notcve.org/view.php?id=CVE-2020-28846
17 Aug 2021 — A Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account. • https://github.com/wh1tes/wh1te_blog/issues/8 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-26642
https://notcve.org/view.php?id=CVE-2020-26642
28 May 2021 — A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML. • https://www.chinapyg.com/thread-137805-1-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-21378
https://notcve.org/view.php?id=CVE-2020-21378
21 Dec 2020 — SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php. • https://github.com/sukusec301/SeaCMS-v10.1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-8418
https://notcve.org/view.php?id=CVE-2019-8418
17 Feb 2019 — SeaCMS 7.2 mishandles member.php?mod=repsw4 requests. • https://github.com/seacms/seacms-v7.2/issues/2