CVE-2024-40518
https://notcve.org/view.php?id=CVE-2024-40518
12 Jul 2024 — SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions. • https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_weixin.php%20code%20injection.md • CWE-20: Improper Input Validation
CVE-2024-39028
https://notcve.org/view.php?id=CVE-2024-39028
05 Jul 2024 — An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php. • https://github.com/pysnow1/vul_discovery/blob/main/SeaCMS/SeaCMS%20v12.9%20admin_ping.php%20RCE.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-39027
https://notcve.org/view.php?id=CVE-2024-39027
05 Jul 2024 — SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the SQL injection through the cid parameter at /js/player/dmplayer/dmku/index.php?ac=edit, which can cause sensitive database information to be leaked. • https://github.com/seacms-net/CMS/issues/17 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-31611
https://notcve.org/view.php?id=CVE-2024-31611
10 Jun 2024 — SeaCMS 12.9 has a file deletion vulnerability via admin_template.php. • https://github.com/ss122-0ss/seacms/blob/main/readme.md • CWE-404: Improper Resource Shutdown or Release
CVE-2024-30565
https://notcve.org/view.php?id=CVE-2024-30565
04 Apr 2024 — An issue was discovered in SeaCMS version 12.9 that allows remote attackers to execute arbitrary code via admin notify.php. • https://github.com/XiLitter/CMS_vulnerability-discovery/blob/main/SeaCMS_v.12.9.md • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-29275
https://notcve.org/view.php?id=CVE-2024-29275
22 Mar 2024 — A SQL injection vulnerability in SeaCMS version 12.9 allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php. • https://github.com/Cyphercoda/nuclei_template • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-50470
https://notcve.org/view.php?id=CVE-2023-50470
28 Dec 2023 — A cross-site scripting (XSS) vulnerability in the component admin_Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. • http://seacms.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-46987
https://notcve.org/view.php?id=CVE-2023-46987
28 Dec 2023 — SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php. • http://seacms.com • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-46010
https://notcve.org/view.php?id=CVE-2023-46010
24 Oct 2023 — An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. • http://seacms.com • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2023-44847
https://notcve.org/view.php?id=CVE-2023-44847
10 Oct 2023 — An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_Weixin.php component. • https://blog.csdn.net/2301_79997870/article/details/133661890?spm=1001.2014.3001.5502 • CWE-94: Improper Control of Generation of Code ('Code Injection')