SQL Injection Vulnerability in SeaCMS by SeaCMS
CVE-2025-3792

7.2HIGH

Key Information:

Vendor: SeaCMS
Status: SeaCMS
Vendor: CVE Published:; 18 April 2025

What is CVE-2025-3792?

A vulnerability exists in SeaCMS versions up to 13.3 that allows for SQL injection through a manipulated request to /admin_link.php by altering the argument e_id. This vulnerability can be exploited remotely, presenting a significant risk to systems using affected versions. The information about this issue has been publicly disclosed and is susceptible to exploitation.

References

https://github.com/FSRM1/CVE/blob/main/seacms_sql%E6%B3%A...

https://vuldb.com/?ctiid.305615

https://vuldb.com/?id.305615

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2025