v9d0g/CVEs

Releases0

Provide CVE public details.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-50808 ↗	Nov 8, 2024Friday, 8 November 2024, 21:15	8.8 HIGH	—
SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the "notify" variable in admin_notify.php.
CVE-2024-50809 ↗	Nov 8, 2024Friday, 8 November 2024, 21:15	8.8 HIGH	—
The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commands