Product
seacms
116 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE | Affected versions | Summary
CVE-2020-36932 | all versions | SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers
CVE-2025-15003 | >= 13.0 and <= 13.3 | A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file admin_video.php. Performin
CVE-2025-15002 | >= 13.0 and <= 13.3 | A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dm
CVE-2025-60449 | all versions | An information disclosure vulnerability has been discovered in SeaCMS 13.1. The vulnerability exists in the admin_safe.php compone
CVE-2025-11071 | all versions | A security vulnerability has been detected in SeaCMS 13.3.20250820. Impacted is an unknown function of the file /admin_cron.php of
CVE-2025-10662 | <= 13.3 | A vulnerability has been found in SeaCMS up to 13.3. The impacted element is an unknown function of the file /admin_members.php?ac
CVE-2025-50592 | < 13.2 | Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/dmplayer/player.
CVE-2025-6864 | <= 13.2 | A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown
CVE-2024-40570 | all versions | SQL Injection vulnerability in SeaCMS v.12.9 allows a remote attacker to obtain sensitive information via the admin_datarelate.php
CVE-2025-44073 | all versions | SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php.
CVE-2025-44074 | all versions | SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php.
CVE-2025-44072 | all versions | SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php.
CVE-2025-44071 | all versions | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerabil
CVE-2025-4257 | all versions | A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2. This issue affects some unknown processing of
CVE-2025-4256 | all versions | A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_pay
CVE-2025-3797 | <= 13.3 | A vulnerability classified as critical was found in SeaCMS up to 13.3. This vulnerability affects unknown code of the file /admin_
CVE-2025-3792 | <= 13.3 | A vulnerability, which was classified as critical, has been found in SeaCMS up to 13.3. This issue affects some unknown processing
CVE-2025-29647 | all versions | SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php.
CVE-2025-25813 | all versions | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php.
CVE-2025-25802 | all versions | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php.
CVE-2025-25800 | all versions | SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe_file.ph
CVE-2025-25799 | all versions | SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php.
CVE-2025-25797 | all versions | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php.
CVE-2025-25796 | all versions | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php.
CVE-2025-25794 | all versions | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php.
CVE-2025-25793 | all versions | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php.
CVE-2025-25792 | all versions | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php.
CVE-2025-25521 | <= 13.3 | Seacms <=13.3 is vulnerable to SQL Injection in admin_type_news.php.
CVE-2025-25520 | <= 13.3 | Seacms <13.3 is vulnerable to SQL Injection in admin_pay.php.
CVE-2025-25519 | <= 13.3 | Seacms <=13.3 is vulnerable to SQL Injection in admin_zyk.php.
CVE-2025-25517 | <= 13.3 | Seacms <=13.3 is vulnerable to SQL Injection in admin_reslib.php.
CVE-2025-25516 | <= 13.3 | Seacms <=13.3 is vulnerable to SQL Injection in admin_paylog.php.
CVE-2025-25515 | <= 13.3 | Seacms <=13.3 is vulnerable to SQL Injection in admin_collect.php that allows an authenticated attacker to exploit the database.
CVE-2025-25514 | <= 13.3 | Seacms <=13.3 is vulnerable to SQL Injection in admin_collect_news.php.
CVE-2025-22974 | <= 13.2 | SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql p
CVE-2025-25513 | <= 13.3 | Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.
CVE-2024-54880 | all versions | SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to register
CVE-2024-54879 | all versions | SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge
CVE-2024-55461 | <= 13.0 | SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext().
CVE-2024-50808 | all versions | SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend us
CVE-2024-46640 | all versions | SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although the system has a check function,
CVE-2024-44721 | all versions | SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php.
CVE-2024-44720 | all versions | SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component admin_safe.php.
CVE-2024-44921 | all versions | SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del.
CVE-2024-44920 | all versions | A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arb
CVE-2024-44683 | all versions | Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php.
CVE-2024-44918 | all versions | A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9 allows attackers to execute arbit
CVE-2024-44916 | all versions | Vulnerability in admin_ip.php in Seacms v13.1, when action=set, allows attackers to control IP parameters that are written to the
CVE-2024-44919 | all versions | A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary we
CVE-2024-41444 | all versions | SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so.
CVE-2024-42599 | all versions | SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes
CVE-2024-42598 | all versions | SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imp
CVE-2024-7163 | all versions | A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. This affects an unknown part of the file /js/playe
CVE-2024-7162 | all versions | A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9/13.0. Affected by this issue is some unknown f
CVE-2024-7161 | all versions | A vulnerability classified as problematic was found in SeaCMS 13.0. Affected by this vulnerability is an unknown functionality of
CVE-2024-39036 | all versions | SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php.
CVE-2024-40522 | all versions | There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable n
CVE-2024-40521 | all versions | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php impos
CVE-2024-40520 | all versions | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and
CVE-2024-40519 | all versions | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing
CVE-2024-40518 | all versions | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writi
CVE-2024-39028 | <= 12.9 | An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php.
CVE-2024-39027 | all versions | SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the SQL injection through the cid par
CVE-2024-6416 | all versions | A vulnerability was found in SeaCMS 12.9. It has been declared as critical. Affected by this vulnerability is an unknown functiona
CVE-2024-31611 | all versions | SeaCMS 12.9 has a file deletion vulnerability via admin_template.php.
CVE-2024-30565 | all versions | An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code via admin notify.php.
CVE-2024-29275 | all versions | SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain s
CVE-2023-50470 | all versions | A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary
CVE-2023-46987 | all versions | SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php.
CVE-2023-46010 | <= 12.9 | An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.
CVE-2023-44848 | <= 12.8 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component.
CVE-2023-44847 | <= 12.8 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component.
CVE-2023-44846 | <= 12.8 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component.
CVE-2023-44172 | all versions | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php.
CVE-2023-44171 | all versions | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php.
CVE-2023-44170 | all versions | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php.
CVE-2023-44169 | all versions | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php.
CVE-2023-43222 | < 12.8 | SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file.
CVE-2023-43216 | all versions | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php.
CVE-2023-43278 | <= 12.8 | A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin accoun
CVE-2023-37125 | all versions | A stored cross-site scripting (XSS) vulnerability in the Management Custom label module of SEACMS v12.1 allows attackers to execut
CVE-2023-37124 | all versions | A stored cross-site scripting (XSS) vulnerability in the Site Setup module of SEACMS v12.1 allows attackers to execute arbitrary w
CVE-2023-2926 | all versions | A vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown processing of the file mem
CVE-2023-0960 | all versions | A vulnerability was found in SeaCMS 11.6 and classified as problematic. Affected by this issue is some unknown functionality of th
CVE-2022-48093 | all versions | Seacms v12.7 was discovered to contain a remote code execution (RCE) vulnerability via the ip parameter at admin_ ip.php.
CVE-2021-39426 | all versions | An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute arbitrary php code via the no
CVE-2022-43256 | < 12.6 | SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php.
CVE-2022-28076 | all versions | Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings.
CVE-2022-27336 | all versions | Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php.
CVE-2022-23878 | all versions | seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php.
CVE-2021-37358 | all versions | SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via the component "admin_ajax.php?a
CVE-2021-29313 | all versions | Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php,
CVE-2020-28846 | all versions | Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add a
CVE-2020-26642 | all versions | A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to
CVE-2020-21378 | all versions | SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php.
CVE-2019-8418 | all versions | SeaCMS 7.2 mishandles member.php?mod=repsw4 requests.
CVE-2018-19350 | all versions | In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstr
CVE-2018-19349 | all versions | In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.p
CVE-2018-17365 | all versions | SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter.
CVE-2018-17321 | all versions | An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset actio
CVE-2018-16822 | all versions | SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.
CVE-2018-16821 | all versions | SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.
CVE-2018-17062 | all versions | An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recy
CVE-2018-16446 | <= 6.61 | An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via dir
CVE-2018-16445 | <= 6.61 | An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request
CVE-2018-16444 | all versions | An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter.
CVE-2018-16348 | all versions | SeaCMS V6.61 has XSS via the admin_video.php v_content parameter, related to the site name.
CVE-2018-16343 | all versions | SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $G
CVE-2018-14910 | all versions | SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n
CVE-2018-14517 | all versions | SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields.
CVE-2018-14421 | all versions | SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php
CVE-2018-13445 | all versions | An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?acti
CVE-2018-13444 | all versions | An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add an admin account via adm1n/admin_manager.php?ac
CVE-2018-12431 | all versions | SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page).
CVE-2018-11583 | all versions | SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter.
CVE-2017-17561 | all versions | SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping