CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-39028
https://notcve.org/view.php?id=CVE-2024-39028
05 Jul 2024 — An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php. Se descubrió un problema en SeaCMS <=12.9 que permite a atacantes remotos ejecutar código arbitrario a través de admin_ping.php. • https://github.com/pysnow1/vul_discovery/blob/main/SeaCMS/SeaCMS%20v12.9%20admin_ping.php%20RCE.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46010
https://notcve.org/view.php?id=CVE-2023-46010
24 Oct 2023 — An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. Un problema en SeaCMS v.12.9 permite a un atacante ejecutar comandos arbitrarios a través del componente admin_safe.php. • http://seacms.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-44847
https://notcve.org/view.php?id=CVE-2023-44847
10 Oct 2023 — An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component. Un problema en SeaCMS v.12.8 permite a un atacante ejecutar código arbitrario a través del componente admin_Weixin.php. • https://blog.csdn.net/2301_79997870/article/details/133661890?spm=1001.2014.3001.5502 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44848
https://notcve.org/view.php?id=CVE-2023-44848
10 Oct 2023 — An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component. Un problema en SeaCMS v.12.8 permite a un atacante ejecutar código arbitrario a través del componente admin_template.php. • https://blog.csdn.net/2301_79997870/article/details/133661890?spm=1001.2014.3001.5502 •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-44846
https://notcve.org/view.php?id=CVE-2023-44846
10 Oct 2023 — An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component. Un problema en SeaCMS v.12.8 permite a un atacante ejecutar código arbitrario a través del componente admin_notify.php. • https://blog.csdn.net/2301_79997870/article/details/133365547?spm=1001.2014.3001.5501 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43222
https://notcve.org/view.php?id=CVE-2023-43222
26 Sep 2023 — SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. SeaCMS v12.8 tiene una vulnerabilidad de escritura de código arbitrario en el archivo /jxz7g2/admin_ping.php. • https://blog.csdn.net/weixin_51394168/article/details/132817842 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43278
https://notcve.org/view.php?id=CVE-2023-43278
25 Sep 2023 — A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account. Un Cross-Site Request Forgery (CSRF) en admin_manager.php de Seacms hasta v12.8 permite a los atacantes agregar arbitrariamente una cuenta de administrador. • http://seacms.com • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43256
https://notcve.org/view.php?id=CVE-2022-43256
16 Nov 2022 — SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php. Se descubrió que SeaCms anterior a v12.6 contenía una vulnerabilidad de inyección SQL a través del componente /js/player/dmplayer/dmku/index.php. • https://github.com/seacms-com/seacms/issues/23 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-26642
https://notcve.org/view.php?id=CVE-2020-26642
28 May 2021 — A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML. Se ha detectado una vulnerabilidad de tipo cross-site scripting (XSS) en la página de inicio de sesión de SeaCMS versión 11, que permite a un atacante inyectar script web o HTML arbitrario • https://www.chinapyg.com/thread-137805-1-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •