CVE-2020-21378

CRITICAL

Seacms - SQL Injection

Title source: rule

Description

SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php.

Exploits (1)

nomisec NO CODE
by sukusec301 · poc
https://github.com/sukusec301/SeaCMS-v10.1

References (1)

Scores

CVSS v3 9.8
EPSS 0.0841
EPSS Percentile 92.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
seacms/seacms 10.1
Published Dec 21, 2020
Tracked Since Feb 18, 2026