Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
seacms seacms 6.64 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2018-19349
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.
Seacms Seacms 6.64
3.5
CVSSv2
CVE-2018-19350
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
Seacms Seacms 6.64
6.4
CVSSv2
CVE-2018-17365
SeaCMS 6.64 and 7.2 allows remote malicious users to delete arbitrary files via the filedir parameter.
Seacms Seacms 6.64
Seacms Seacms 7.2
4.3
CVSSv2
CVE-2018-17321
An issue exists in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action.
Seacms Seacms 6.64
5
CVSSv2
CVE-2018-16821
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.
Seacms Seacms 6.64
7.5
CVSSv2
CVE-2018-16822
SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.
Seacms Seacms 6.64
4.3
CVSSv2
CVE-2018-17062
An issue exists in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter.
Seacms Seacms 6.64
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started