SQL Injection Vulnerability in SeaCMS v13.3 by SeaCMS
CVE-2025-29647

9.8CRITICAL

Key Information:

Vendor: SeaCMS
Status: SeaCMS
Vendor: CVE Published:; 3 April 2025

What is CVE-2025-29647?

SeaCMS version 13.3 is susceptible to SQL injection attacks through the 'admin_tempvideo.php' component. This vulnerability could allow unauthorized users to manipulate queries, resulting in potential data exposure or corruption. Attackers could exploit this flaw to access sensitive information from the database, making it crucial to apply security measures to protect against such exploits.

References

https://gitee.com/B00W_NSD/poc/blob/master/seacms13.3-sql...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 3, 2025
Vulnerability Reserved
Mar 11, 2025