SQL Injection Vulnerability in SeaCMS by SeaCMS
CVE-2025-3792

4.7MEDIUM

Key Information:

Vendor: SeaCMS
Status: SeaCMS
Vendor: CVE Published:; 18 April 2025

Summary

A vulnerability exists in SeaCMS versions up to 13.3 that allows for SQL injection through a manipulated request to /admin_link.php by altering the argument e_id. This vulnerability can be exploited remotely, presenting a significant risk to systems using affected versions. The information about this issue has been publicly disclosed and is susceptible to exploitation.

References

https://github.com/FSRM1/CVE/blob/main/seacms_sql%E6%B3%A...

https://vuldb.com/?ctiid.305615

https://vuldb.com/?id.305615

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2025