RSS   Podatności dla 'Seacms'   RSS

2022-05-04
 
CVE-2022-28076

NVD-CWE-noinfo
 
 
Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings.

 
2022-03-02
 
CVE-2022-23878

NVD-CWE-noinfo
 
 
seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php.

 
2021-08-17
 
CVE-2021-29313

CWE-79
 
 
Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php,

 
 
CVE-2020-28846

CWE-352
 
 
Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account.

 
2021-05-28
 
CVE-2020-26642

CWE-79
 
 
A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML.

 
2020-12-21
 
CVE-2020-21378

CWE-89
 
 
SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php.

 
2019-02-17
 
CVE-2019-8418

CWE-255
 
 
SeaCMS 7.2 mishandles member.php?mod=repsw4 requests.

 
2018-11-17
 
CVE-2018-19350

CWE-79
 
 
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.

 
 
CVE-2018-19349

CWE-89
 
 
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.

 
2018-09-26
 
CVE-2018-17365

CWE-20
 
 
SeaCMS 6.64 allows remote attackers to delete arbitrary files via the filedir parameter.

 

Copyright 2024, cxsecurity.com

 

Back to Top