CVE-2019-8418
https://notcve.org/view.php?id=CVE-2019-8418
SeaCMS 7.2 mishandles member.php?mod=repsw4 requests. SeaCMS 7.2 gestiona de manera incorrecta las peticiones member.php?mod=repsw4. • https://github.com/seacms/seacms-v7.2/issues/2 •
CVE-2018-19349
https://notcve.org/view.php?id=CVE-2018-19349
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php. En SeaCMS v6.64, hay una inyección SQL mediante el parámetro topic en admin_makehtml.php debido a la gestión incorrecta de include/mkhtml.func.php. • https://github.com/Xmansec/seacms_vul/blob/master/SQL/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2018-19350
https://notcve.org/view.php?id=CVE-2018-19350
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element. En SeaCMS v6.6.4, hay Cross-Site Scripting (XSS) persistente mediante el parámetro email en member.php?action=chgpwdsubmit durante un cambio de contraseña, tal y como queda demostrado con una URL data: en un elemento OBJECT. • https://github.com/Xmansec/seacms_vul/tree/master/XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-17365
https://notcve.org/view.php?id=CVE-2018-17365
SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter. SeaCMS versión 6.64 y versión 7.2 permite a los atacantes remotos eliminar archivos arbitrarios mediante el parámetro filedir. • http://blog.51cto.com/13770310/2177226 https://github.com/sfh320/seacms/issues/1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2018-17321
https://notcve.org/view.php?id=CVE-2018-17321
An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action. Se ha descubierto un problema en SeaCMS 6.64. Existe Cross-Site Scripting (XSS) en admin_datarelate.php a través de los parámetros time o maxHit en una acción dorandomset. • https://secwk.blogspot.com/2018/09/seacms-664-xss-vulnerability_14.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •