CMS

CMS copied to clipboard

SeaCMS_V13.1_install_f/admin/admin_notify.php have a RCE

2

### Vulnerable file ```php if($action=="set") { $notify1= $_POST['notify1']; $notify2= $_POST['notify2']; $notify3= $_POST['notify3']; $open=fopen("../data/admin/notify.php","w" ); $str='

0kooo

Authenticated SQL Injection in SeaCMS v12.9

1

**Summary** SeaCMS v12.9 has an authenticated SQL injection vulnerability in the {random}/admin_datarelate.php file, where user provided data is directly used for SQL queries without proper cleaning  **Proof of Concept...

Tddddddddd

SeaCMS v12.9 admin_ping.php 远程代码执行

1

# Introduction SeaCMS is a free, open-source website content management system written in PHP. The system is mainly designed to manage video-on-demand resources. SeaCMS 12.9 version has a remote code...

pysnow1

# 总结 SeaCMS v12.9 存在未授权SQL注入漏洞，该漏洞源于/js/player/dmplayer/dmku/index.php?ac=edit处能够通过cid参数进行sql注入，从而导致数据库敏感信息泄露 ## 漏洞介绍  js/player/dmplayer/dmku/index.php处存在SQL注入，传入ac=edit能够调用`$d->编辑弹幕($cid)`   而在`编辑_弹幕`方法处没有进行过滤导致cid、text、color都能够引起sql注入 ## 漏洞验证  延时3秒  延时6秒 ## POC ```http POST /js/player/dmplayer/dmku/index.php?ac=edit HTTP/1.1 Host: ip User-Agent: Mozilla/5.0 (Windows NT...

pysnow1

**Summary** SeaCMS v12.9 suffers from an unauthenticated SQL injection vulnerability in the dmku/index.php file where user-supplied data is used directly in an SQL query without proper sanitization. No filtering found...

Tddddddddd

Unauthenticated SQL Injection in SeaCMS v12.9

1

### Summary SeaCMS v12.9 suffers from an unauthenticated SQL injection vulnerability in the dmku/index.php file where user-supplied data is used directly in an SQL query without proper sanitization. ### Detail...

Hebing123

后台一键生成当天不会生成包含二级分类的顶级分类，只会生成二级分类和不包含二级分类的顶级分类

2dan

sea_type表的upid设置为了tinyint(6)导致id超过255的子分类 seacms.sql文件465行

wlor0623

在专题页新添加视频的时候，怎么才能按照剧情分类选择呢？ 能不能支持一下这个功能呢，现在专题添加视频的时候可用筛选项太少啦

ha0719

海洋CMS最新v10.1正式版发布

2

简单 · 快速 · 稳定 · 开源 基于GPL协议100%开源免费，自适应电脑、手机、平板、APP多终端入口，无加密、安全有保障，是您最佳的建站工具! 官网下载：www.seacms.net

seacms-net