seopanel 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting、vendor risk sql injection、vendor risk ssrf, and vendor risk csrf があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact session compromise and vendor impact data exposure などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2021-47872 | SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by injecting malicious SQL code into the order column parameter. | [email protected] | 7.0 | 0.22% | 2026-01-21 | 2026-06-17 |
| CVE-2025-29452 | An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component. | [email protected] | 7.6 | 0.38% | 2025-04-17 | 2026-06-17 |
| CVE-2025-29451 | An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component. | [email protected] | 7.6 | 0.38% | 2025-04-17 | 2026-06-17 |
| CVE-2024-22648 | A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment. | [email protected] | 5.3 | 0.61% | 2024-01-30 | 2026-06-17 |
| CVE-2024-22647 | An user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames. | [email protected] | 5.3 | 0.56% | 2024-01-30 | 2026-06-17 |
| CVE-2024-22646 | An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system. | [email protected] | 5.3 | 0.58% | 2024-01-30 | 2026-06-17 |
| CVE-2024-22643 | A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets. | [email protected] | 6.5 | 0.33% | 2024-01-30 | 2026-06-17 |
| CVE-2021-34117 | SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in function getUserName in the username parameter, allows attackers to gain sensitive information. | [email protected] | 7.5 | 0.94% | 2023-02-15 | 2026-06-16 |
| CVE-2021-39413 | Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php; the (2) from_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, (j) | [email protected] | 6.1 | 0.81% | 2021-11-05 | 2026-06-17 |
| CVE-2020-27461 | A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed for 4.7.0. This vulnerability allowed for remote code execution through an authenticated file upload via the Settings Panel>Import website function. | [email protected] | 8.8 | 3.74% | 2021-08-20 | 2026-06-16 |
| CVE-2021-29010 | A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "report_type" parameter. | [email protected] | 4.8 | 0.76% | 2021-03-25 | 2026-06-16 |
| CVE-2021-29009 | A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter. | [email protected] | 4.8 | 0.83% | 2021-03-25 | 2026-06-16 |
| CVE-2021-29008 | A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the "to_time" parameter. | [email protected] | 4.8 | 0.76% | 2021-03-25 | 2026-06-16 |
| CVE-2021-28420 | A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter. | [email protected] | 4.8 | 1.93% | 2021-03-18 | 2026-06-16 |
| CVE-2021-28419 | The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL injection, which leads to the ability to retrieve all databases. | [email protected] | 7.2 | 10.67% | 2021-03-18 | 2026-06-16 |
| CVE-2021-28418 | A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter. | [email protected] | 4.8 | 1.87% | 2021-03-18 | 2026-06-16 |
| CVE-2021-28417 | A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter. | [email protected] | 4.8 | 1.87% | 2021-03-18 | 2026-06-16 |
| CVE-2021-3002 | Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter. | [email protected] | 6.1 | 4.28% | 2021-01-01 | 2026-06-17 |
| CVE-2020-35930 | Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI. | [email protected] | 5.4 | 0.51% | 2020-12-31 | 2026-06-16 |
| CVE-2018-14384 | The Website Manager module in SEO Panel 3.13.0 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability, allowing remote authenticated attackers to inject arbitrary web script or HTML via the websites.php name parameter. | [email protected] | 4.8 | 0.79% | 2020-03-02 | 2026-06-16 |