CVE-2024-41444
CRITICALSeaCMS v12.9 - SQL Injection via DM Player Key Parameter
Title source: llmDescription
SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so.
References (3)
Core 3
Core References
Third Party Advisory
https://gist.github.com/looppppp/fa328c81ce19c1097d10f95c763d0d50
Issue Tracking
https://www.seacms.net/p-549
Scores
CVSS v3
9.8
EPSS
0.0049
EPSS Percentile
38.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
seacms/seacms
12.9
Published
Aug 26, 2024
Tracked Since
Feb 18, 2026