SQL Injection Vulnerability in SeaCMS by SeaCMS
CVE-2025-3792

7.2HIGH

Key Information:

Vendor

SeaCMS

Status
SeaCMS
Vendor
CVE Published:
18 April 2025

What is CVE-2025-3792?

A vulnerability exists in SeaCMS versions up to 13.3 that allows for SQL injection through a manipulated request to /admin_link.php by altering the argument e_id. This vulnerability can be exploited remotely, presenting a significant risk to systems using affected versions. The information about this issue has been publicly disclosed and is susceptible to exploitation.

References

https://github.com/FSRM1/CVE/blob/main/seacms_sql%E6%B3%A...
https://vuldb.com/?ctiid.305615
https://vuldb.com/?id.305615

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.
CVE-2025-3792 : SQL Injection Vulnerability in SeaCMS by SeaCMS