Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
seacms seacms 6.64 vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2018-19349
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.
Seacms Seacms 6.64
5.4
CVSSv3
CVE-2018-19350
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
Seacms Seacms 6.64
7.5
CVSSv3
CVE-2018-17365
SeaCMS 6.64 and 7.2 allows remote malicious users to delete arbitrary files via the filedir parameter.
Seacms Seacms 6.64
Seacms Seacms 7.2
6.1
CVSSv3
CVE-2018-17321
An issue exists in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action.
Seacms Seacms 6.64
9.8
CVSSv3
CVE-2018-16822
SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.
Seacms Seacms 6.64
5.3
CVSSv3
CVE-2018-16821
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.
Seacms Seacms 6.64
6.1
CVSSv3
CVE-2018-17062
An issue exists in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter.
Seacms Seacms 6.64
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started