CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2018-17365
https://notcve.org/view.php?id=CVE-2018-17365
26 Sep 2018 — SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter. SeaCMS versión 6.64 y versión 7.2 permite a los atacantes remotos eliminar archivos arbitrarios mediante el parámetro filedir. • http://blog.51cto.com/13770310/2177226 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17321
https://notcve.org/view.php?id=CVE-2018-17321
22 Sep 2018 — An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action. Se ha descubierto un problema en SeaCMS 6.64. Existe Cross-Site Scripting (XSS) en admin_datarelate.php a través de los parámetros time o maxHit en una acción dorandomset. • https://secwk.blogspot.com/2018/09/seacms-664-xss-vulnerability_14.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-16822
https://notcve.org/view.php?id=CVE-2018-16822
21 Sep 2018 — SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter. SeaCMS 6.64 permite inyección SQL mediante el parámetro order en upload/admin/admin_video.php. • http://blog.51cto.com/13770310/2177214 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16821
https://notcve.org/view.php?id=CVE-2018-16821
21 Sep 2018 — SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests. SeaCMS 6.64 permite el listado de directorios arbitrario mediante peticiones en upload/admin/admin_template.php?path=.. • http://blog.51cto.com/13770310/2177212 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17062
https://notcve.org/view.php?id=CVE-2018-17062
16 Sep 2018 — An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter. Se ha descubierto un problema en SeaCMS 6.64. Existe Cross-Site Scripting (XSS) en admin_video.php mediante los parámetros action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney y v_ispsd. • https://secwk.blogspot.com/2018/09/seacms-664-xss-vulnerability.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •