Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
seacms seacms 6.61 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-14910
SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF.
Seacms Seacms 6.61
8.8
CVSSv3
CVE-2018-13444
An issue exists in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/admin_manager.php?action=save&id=2.
Seacms Seacms 6.61
8.8
CVSSv3
CVE-2018-13445
An issue exists in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?action=add.
Seacms Seacms 6.61
4.8
CVSSv3
CVE-2018-12431
SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page).
Seacms Seacms 6.61
6.1
CVSSv3
CVE-2018-11583
SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter.
Seacms Seacms 6.61
8.8
CVSSv3
CVE-2018-14421
SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF.
Seacms Seacms 6.61
6.1
CVSSv3
CVE-2018-14517
SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields.
Seacms Seacms 6.61
7.2
CVSSv3
CVE-2018-16343
SeaCMS 6.61 allows remote malicious users to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS.
Seacms Seacms 6.61
4.8
CVSSv3
CVE-2018-16348
SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name.
Seacms Seacms 6.61
9.1
CVSSv3
CVE-2018-16444
An issue exists in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter.
Seacms Seacms 6.61
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »