Show filters
65 Total Results
Displaying 41-50 of 65
Sort by:
Attacker Value
Unknown
CVE-2021-37358
Disclosure Date: August 18, 2021 (last updated February 23, 2025)
SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "admin_ajax.php?action=checkrepeat&v_name=".
0
Attacker Value
Unknown
CVE-2021-29313
Disclosure Date: August 17, 2021 (last updated February 23, 2025)
Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php,
0
Attacker Value
Unknown
CVE-2020-28846
Disclosure Date: August 17, 2021 (last updated February 23, 2025)
Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account.
0
Attacker Value
Unknown
CVE-2020-26642
Disclosure Date: May 28, 2021 (last updated February 22, 2025)
A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML.
0
Attacker Value
Unknown
CVE-2020-21378
Disclosure Date: December 21, 2020 (last updated February 22, 2025)
SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php.
0
Attacker Value
Unknown
CVE-2019-8418
Disclosure Date: February 17, 2019 (last updated November 27, 2024)
SeaCMS 7.2 mishandles member.php?mod=repsw4 requests.
0
Attacker Value
Unknown
CVE-2018-19349
Disclosure Date: November 17, 2018 (last updated November 27, 2024)
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.
0
Attacker Value
Unknown
CVE-2018-19350
Disclosure Date: November 17, 2018 (last updated November 27, 2024)
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
0
Attacker Value
Unknown
CVE-2018-17365
Disclosure Date: September 26, 2018 (last updated November 27, 2024)
SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter.
0
Attacker Value
Unknown
CVE-2018-17321
Disclosure Date: September 22, 2018 (last updated November 27, 2024)
An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action.
0
