CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-13444
https://notcve.org/view.php?id=CVE-2018-13444
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/admin_manager.php?action=save&id=2. Se ha descubierto un problema en SeaCMS 6.61. Hay una vulnerabilidad de Cross-Site Request Forgery (CSRF) que puede añadir una cuenta admin mediante adm1n/admin_manager.php? • https://github.com/MichaelWayneLIU/seacms/blob/master/seacms1.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-13445
https://notcve.org/view.php?id=CVE-2018-13445
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?action=add. Se ha descubierto un problema en SeaCMS 6.61. Hay una vulnerabilidad de Cross-Site Request Forgery (CSRF) que puede añadir una cuenta de usuario mediante adm1n/admin_manager.php? • https://github.com/MichaelWayneLIU/seacms/blob/master/seacms1.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-12431
https://notcve.org/view.php?id=CVE-2018-12431
SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page). SeaCMS V6.61 tiene Cross-Site Scripting (XSS) mediante el parámetro site name en una página adm1n/admin_config.php (también conocida como página de gestión del sistema). • https://github.com/MichaelWayneLIU/seacms/blob/master/seacms.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11583
https://notcve.org/view.php?id=CVE-2018-11583
SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter. SeaCMS 6.61 tiene Cross-Site Scripting (XSS) persistente en admin_collect.php mediante el parámetro siteurl. • https://gist.github.com/alice19940905/88b194b89e83c5c0a394f7f297111e12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2017-17561
https://notcve.org/view.php?id=CVE-2017-17561
SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php. SeaCMS 6.56 permite que administradores autenticados remotos ejecuten código PHP arbitrario mediante un campo de token manipulado en admin/admin_ping.php, que interactúa con data/admin/ping.php. • http://www.jianshu.com/p/35af80b97ee6 https://gist.github.com/WangYihang/9507e2efdceb67a5bc2761200f19f213 •