Soumettre #716084: SeaCMS 13.3 SQL Injectioninformation

TitreSeaCMS 13.3 SQL Injection
DescriptionMultiple SQL injection vulnerabilities exist in the SeaCMS backend video management module. The vulnerable code uses `implode()` to concatenate array elements directly into SQL queries without proper sanitization. **⚠️ CRITICAL: Unlike frontend vulnerabilities, the backend disables SQL security checks!** **Vulnerability Characteristics:** - **Authentication Required**: Backend administrator access needed - **Multiple Injection Points**: Lines 260, 293, 318, 326 - **WAF Protection**: ❌ DISABLED in backend (`$dsql->safeCheck = false`) - **Fully Exploitable**: ✅ YES - UNION and time-based blind injection confirmed
La source⚠️ https://note-hxlab.wetolink.com/share/aTI1wPFLm7FG
Utilisateur
 yu22x (UID 34832)
Soumission16/12/2025 02:24 (il y a 6 mois)
Modérer21/12/2025 09:31 (5 days later)
StatutAccepté
Entrée VulDB337708 [SeaCMS jusqu’à 13.3 admin_video.php e_id injection SQL]
Points20

PrécédentAperçuSuivant

Want to know what is going to be exploited?

We predict KEV entries!