CVE-2024-39027
https://notcve.org/view.php?id=CVE-2024-39027
SeaCMS v12.9 has an unauthorized SQL injection vulnerability. It is caused by SQL injection through the cid parameter at /js/player/dmplayer/dmku/index.php?ac=edit, which can leak sensitive database information.
• https://github.com/seacms-net/CMS/issues/17
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-39028
https://notcve.org/view.php?id=CVE-2024-39028
An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php.
• https://github.com/pysnow1/vul_discovery/blob/main/SeaCMS/SeaCMS%20v12.9%20admin_ping.php%20RCE.md
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-31611
https://notcve.org/view.php?id=CVE-2024-31611
SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.
• https://github.com/ss122-0ss/seacms/blob/main/readme.md
• CWE-404: Improper Resource Shutdown or Release
CVE-2023-46987
https://notcve.org/view.php?id=CVE-2023-46987
SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php.
• http://seacms.com
• http://www.seacms.com
• https://blog.csdn.net/weixin_72610998/article/details/133420747?spm=1001.2014.3001.5501
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-46010
https://notcve.org/view.php?id=CVE-2023-46010
An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.
• http://seacms.com
• https://blog.csdn.net/DGS666/article/details/133795200?spm=1001.2014.3001.5501
• CWE-94: Improper Control of Generation of Code ('Code Injection')