seacms-net/CMS

SQL Injection vulnerability in SeaCMS v.12.9 allows a remote attacker to obtain sensitive information via the admin_datarelate.php component.

A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2. This issue affects some unknown processing of the file /admin_pay.php. The manipulation of the argument cstatus leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component admin_safe.php.

SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php.

SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so.

SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php.

SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the SQL injection through the cid parameter at /js/player/dmplayer/dmku/index.php?ac=edit, which can cause sensitive database information to be leaked.

SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php.