
CVE-2025-6864 – SeaCMS admin_type.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2025-6864
29 Jun 2025 — A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admin_type.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/murongchengshu/zhicheng_tan/blob/main/SeaCMS_1.md • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •

CVE-2025-25513
https://notcve.org/view.php?id=CVE-2025-25513
24 Feb 2025 — Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php. • https://github.com/Colorado-all/cve/blob/main/seacms/seacms%20V13.3-sql-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-46640
https://notcve.org/view.php?id=CVE-2024-46640
20 Sep 2024 — SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although the system has a check function, the check function is not executed during execution, allowing remote code execution by writing to the file through the MySQL slow query method. • https://gitee.com/zheng_botong/CVE-2024-46640 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-44720
https://notcve.org/view.php?id=CVE-2024-44720
09 Sep 2024 — SeaCMS v13.1 was discovered to contain an arbitrary file read vulnerability via the component admin_safe.php. • https://github.com/seacms-net/CMS/issues/22 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-44721
https://notcve.org/view.php?id=CVE-2024-44721
09 Sep 2024 — SeaCMS v13.1 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the url parameter at /admin_reslib.php. • https://github.com/seacms-net/CMS/issues/23 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2024-44920
https://notcve.org/view.php?id=CVE-2024-44920
03 Sep 2024 — A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter. • https://github.com/nn0nkey/nn0nkey/blob/main/CVE-2024-44920.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-44921
https://notcve.org/view.php?id=CVE-2024-44921
03 Sep 2024 — SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del. • https://github.com/nn0nkey/nn0nkey/blob/main/CVE-2024-44921.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-44918
https://notcve.org/view.php?id=CVE-2024-44918
30 Aug 2024 — A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. • https://github.com/nn0nkey/nn0nkey/blob/main/CVE-2024-44918.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-44916
https://notcve.org/view.php?id=CVE-2024-44916
30 Aug 2024 — Vulnerability in admin_ip.php in Seacms v13.1, when action=set, allows attackers to control IP parameters that are written to the data/admin/ip.php file and could result in arbitrary command execution. • http://seacms.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-44683
https://notcve.org/view.php?id=CVE-2024-44683
30 Aug 2024 — Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php. • https://github.com/147536951/Qianyi/blob/main/Seacms.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •