CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14910
https://notcve.org/view.php?id=CVE-2018-14910
SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF. SeaCMS v6.61 permite la ejecución remota de código colocando código PHP en una dirección IP permitida (también conocida como ip) en /admin/admin_ip.php (también conocida como /adm1n/admin_ip.php). El código se ejecuta al visitar adm1n/admin_ip.php o data/admin/ip.php. • https://github.com/MichaelWayneLIU/seacms/blob/master/seacms2.md • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14517
https://notcve.org/view.php?id=CVE-2018-14517
SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields. SeaCMS 6.61 tiene dos problemas de Cross-Site Scripting (XSS) en el archivo admin_config.php mediante ciertos campos de formulario. • https://github.com/SecWiki/CMS-Hunter/blob/master/seacms/seacms6.61/seacms661.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14421
https://notcve.org/view.php?id=CVE-2018-14421
SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF. SeaCMS v6.61 permite la ejecución remota de código colocando código PHP en una dirección de imagen de película (v#95;pic) en /admin/admin_video.php (/backend/admin_video.php). El código se ejecuta al visitar /details/index.php. • http://hexo.imagemlt.xyz/post/seacms-backend-getshell/index.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-13444
https://notcve.org/view.php?id=CVE-2018-13444
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/admin_manager.php?action=save&id=2. Se ha descubierto un problema en SeaCMS 6.61. Hay una vulnerabilidad de Cross-Site Request Forgery (CSRF) que puede añadir una cuenta admin mediante adm1n/admin_manager.php? • https://github.com/MichaelWayneLIU/seacms/blob/master/seacms1.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-13445
https://notcve.org/view.php?id=CVE-2018-13445
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?action=add. Se ha descubierto un problema en SeaCMS 6.61. Hay una vulnerabilidad de Cross-Site Request Forgery (CSRF) que puede añadir una cuenta de usuario mediante adm1n/admin_manager.php? • https://github.com/MichaelWayneLIU/seacms/blob/master/seacms1.md • CWE-352: Cross-Site Request Forgery (CSRF) •