Show filters
7 Total Results
Displaying 1-7 of 7
Sort by:
Attacker Value
Unknown

CVE-2018-19349

Disclosure Date: November 17, 2018 (last updated November 27, 2024)
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.
0
0
Attacker Value
Unknown

CVE-2018-19350

Disclosure Date: November 17, 2018 (last updated November 27, 2024)
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
0
0
Attacker Value
Unknown

CVE-2018-17365

Disclosure Date: September 26, 2018 (last updated November 27, 2024)
SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-17321

Disclosure Date: September 22, 2018 (last updated November 27, 2024)
An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action.
0
0
Attacker Value
Unknown

CVE-2018-16821

Disclosure Date: September 21, 2018 (last updated November 27, 2024)
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.
0
0
Attacker Value
Unknown

CVE-2018-16822

Disclosure Date: September 21, 2018 (last updated November 27, 2024)
SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.
0
0
Attacker Value
Unknown

CVE-2018-17062

Disclosure Date: September 16, 2018 (last updated November 27, 2024)
An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter.
0
0