Seacms: community verdicts
17 notable / known-exploited Seacms CVEs the community has triaged.
- CVE-2023-46987HIGH 8.8Real · low riskEPSS 2%
SeaCMS v12.9 was discovered to contain a remote code execution (RCE) vulnerability via the component /augap/adminip.php.
- CVE-2023-46010CRIT 9.8Real · low riskEPSS 1%
An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.
- CVE-2024-44916HIGH 7.2Real · low riskEPSS 1%
Vulnerability in admin_ip.php in Seacms v13.1, when action=set, allows attackers to control IP parameters that are written to the data/admin/ip.php file and could result in arbitrary command execution.
- CVE-2024-54879CRIT 9.1Real · low riskEPSS 1%
SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.
- CVE-2024-50808HIGH 8.8Real · low riskEPSS 1%
SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the "notify" variable in admin_notify.php.
- CVE-2023-50470MED 5.4EPSS 0%
A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
- CVE-2025-25800MED 5.3EPSS 0%
SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe_file.php.
- CVE-2025-25797MED 5.1EPSS 0%
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php.
- CVE-2025-25794MED 5.1EPSS 0%
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php.
- CVE-2025-25793MED 5.1EPSS 0%
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php.
- CVE-2025-25813MED 5.1EPSS 0%
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php.
- CVE-2025-25802MED 5.1EPSS 0%
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php.
- CVE-2025-25796MED 5.1EPSS 0%
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php.
- CVE-2025-25792MED 4.4EPSS 0%
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php.
- CVE-2023-43278HIGH 8.8Real · low riskEPSS 0%
A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.
- CVE-2025-25799MED 6EPSS 0%
SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php.
- CVE-2025-50592MED 5.4EPSS 0%
Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/dmplayer/player.