Seacms

Seacms

114 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-42599

Exploit
  • EPSS 0.4%
  • Veröffentlicht 22.08.2024 20:15:09
  • Zuletzt bearbeitet 28.03.2025 17:12:45

SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attac...

6.7

CVE-2024-42598

Exploit
  • EPSS 0.14%
  • Veröffentlicht 20.08.2024 16:15:11
  • Zuletzt bearbeitet 28.03.2025 16:53:29

SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated ...

6.1

CVE-2024-7163

Exploit
  • EPSS 0.13%
  • Veröffentlicht 28.07.2024 17:15:09
  • Zuletzt bearbeitet 21.11.2024 09:50:58

A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. This affects an unknown part of the file /js/player/dmplayer/player/index.php. The manipulation of the argument color/vid/url leads to cross site scripting. It is possibl...

6.5

CVE-2024-7161

Exploit
  • EPSS 0.15%
  • Veröffentlicht 28.07.2024 16:15:02
  • Zuletzt bearbeitet 21.11.2024 09:50:58

A vulnerability classified as problematic was found in SeaCMS 13.0. Affected by this vulnerability is an unknown functionality of the file /member.php?action=chgpwdsubmit of the component Password Change Handler. The manipulation of the argument newp...

5.4

CVE-2024-7162

Exploit
  • EPSS 0.13%
  • Veröffentlicht 28.07.2024 16:15:02
  • Zuletzt bearbeitet 21.11.2024 09:50:58

A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9/13.0. Affected by this issue is some unknown functionality of the file js/player/dmplayer/admin/post.php?act=setting. The manipulation of the argument yzm leads to cr...

6.5

CVE-2024-39036

Exploit
  • EPSS 0.48%
  • Veröffentlicht 16.07.2024 19:15:12
  • Zuletzt bearbeitet 21.11.2024 09:27:10

SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php.

8.8

CVE-2024-40521

Exploit
  • EPSS 0.34%
  • Veröffentlicht 12.07.2024 16:15:05
  • Zuletzt bearbeitet 13.03.2025 16:15:21

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allo...

8.8

CVE-2024-40522

Exploit
  • EPSS 6.4%
  • Veröffentlicht 12.07.2024 16:15:05
  • Zuletzt bearbeitet 14.03.2025 15:15:41

There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this ...

8.8

CVE-2024-40518

Exploit
  • EPSS 1.58%
  • Veröffentlicht 12.07.2024 16:15:04
  • Zuletzt bearbeitet 21.11.2024 09:31:14

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulner...

8.8

CVE-2024-40519

Exploit
  • EPSS 6.37%
  • Veröffentlicht 12.07.2024 16:15:04
  • Zuletzt bearbeitet 25.03.2025 17:15:58

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerab...