SeaCMS 漏洞與 CVE 列表(114)

產品(CPE): — CVE 數: 114

SeaCMS 漏洞概覽

彙總 SeaCMS 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

歷史漏洞主要涉及 跨站腳本與路徑處理缺陷 等問題,部分漏洞可能導致 工作階段劫持,並影響 生產負載與軟體部署 相關場景。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 120114 CVE 數
«« 第一頁 « 上一頁 第 1 / 6 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2020-36932 SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded. [email protected] 5.1 0.24% 2026-01-25 2026-06-16
CVE-2025-15003 A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file admin_video.php. Performing a manipulation of the argument e_id results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. [email protected] 2.0 0.31% 2025-12-21 2026-06-17
CVE-2025-15002 A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. [email protected] 5.5 0.39% 2025-12-21 2026-06-17
CVE-2025-60449 An information disclosure vulnerability has been discovered in SeaCMS 13.1. The vulnerability exists in the admin_safe.php component located in the /btcoan/ directory. This security flaw allows authenticated administrators to scan and download not only the application’s source code but also potentially any file accessible on the server’s root directory. [email protected] 4.9 0.33% 2025-10-03 2026-06-17
CVE-2025-11071 A security vulnerability has been detected in SeaCMS 13.3.20250820. Impacted is an unknown function of the file /admin_cron.php of the component Cron Task Management Module. The manipulation of the argument resourcefrom/collectID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. [email protected] 2.0 0.31% 2025-09-27 2026-06-17
CVE-2025-10662 A vulnerability has been found in SeaCMS up to 13.3. The impacted element is an unknown function of the file /admin_members.php?ac=editsave. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This affects another injection point than CVE-2025-25513. [email protected] 2.0 0.38% 2025-09-18 2026-06-17
CVE-2025-50592 Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/dmplayer/player. [email protected] 5.4 0.19% 2025-08-05 2026-07-04
CVE-2025-6864 A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admin_type.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. [email protected] 2.1 0.16% 2025-06-29 2026-06-17
CVE-2024-40570 SQL Injection vulnerability in SeaCMS v.12.9 allows a remote attacker to obtain sensitive information via the admin_datarelate.php component. [email protected] 6.5 0.35% 2025-06-17 2026-06-17
CVE-2025-44073 SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php. [email protected] 9.8 0.41% 2025-05-06 2026-06-17
CVE-2025-44074 SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php. [email protected] 9.8 0.42% 2025-05-05 2026-06-17
CVE-2025-44072 SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php. [email protected] 9.8 0.42% 2025-05-05 2026-06-17
CVE-2025-44071 SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerability allows attackers to execute arbitrary code via a crafted request. [email protected] 9.8 0.81% 2025-05-05 2026-06-17
CVE-2025-4257 A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2. This issue affects some unknown processing of the file /admin_pay.php. The manipulation of the argument cstatus leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. [email protected] 5.1 0.25% 2025-05-04 2026-06-17
CVE-2025-4256 A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. [email protected] 5.1 0.25% 2025-05-04 2026-06-17
CVE-2025-3797 A vulnerability classified as critical was found in SeaCMS up to 13.3. This vulnerability affects unknown code of the file /admin_topic.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. [email protected] 5.1 0.40% 2025-04-19 2026-06-17
CVE-2025-3792 A vulnerability, which was classified as critical, has been found in SeaCMS up to 13.3. This issue affects some unknown processing of the file /admin_link.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. [email protected] 5.1 0.56% 2025-04-18 2026-06-17
CVE-2025-29647 SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php. [email protected] 9.8 0.46% 2025-04-03 2026-06-17
CVE-2025-25813 SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php. [email protected] 5.1 0.40% 2025-02-26 2026-07-04
CVE-2025-25802 SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php. [email protected] 5.1 0.40% 2025-02-26 2026-07-04
«« 第一頁 « 上一頁 第 1 / 6 頁 下一頁 »
cvelogic Threat Intelligence