CVE-2025-22974

Critical CVSS: 9.8

SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component.

Vendor

Seacms

Product

Seacms

CWE

CWE-89

Yayın Tarihi

2025-02-24 23:15:11

Güncelleme

2025-03-25 16:36:17

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Seacms CRITICAL Seacms 2025

Referanslar

https://github.com/202110420106/CVE/blob/master/seacms/CVE-2025-22974.md

Benzer Kayıtlar

Medium

CVE-2020-36932

SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page.…

Medium

CVE-2025-15003

A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file admin_video.php.…

Medium

CVE-2025-15002

A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/d…

Medium

CVE-2025-60449

An information disclosure vulnerability has been discovered in SeaCMS 13.1. The vulnerability exists in the admin_safe.p…

Medium

CVE-2025-11071

A security vulnerability has been detected in SeaCMS 13.3.20250820. Impacted is an unknown function of the file /admin_c…

Medium

CVE-2025-10662

A vulnerability has been found in SeaCMS up to 13.3. The impacted element is an unknown function of the file /admin_memb…