CRITICAL🇵🇱 Wersja polska

CVE-2025-29647

CVSS 9.8v3.1pub. 2025-04-03upd. 2025-04-08

SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php.

🤖 AI Analysis
How it works

The vulnerability consists of insufficient validation and sanitization of user-supplied input data provided to the admin_tempvideo.php component in SeaCMS v13.3. An attacker can inject malicious SQL code into queries directed to the database, allowing their unintended execution. The attack is possible remotely, without authentication, over the network (AV:N, PR:N), which significantly increases the risk level.

Impact

An attacker can gain unauthorized access to sensitive data, modify or delete database content, and under favorable conditions take full control of the application and database system. The vulnerability threatens the confidentiality, integrity, and availability of the system.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references. Until the patch is deployed, it is recommended to restrict access to the SeaCMS administration panel through a firewall or network-level access control.

Who is affected

SeaCMS version 13.3 (admin_tempvideo.php component)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Seacms

    APP
    Seacms
    13.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-44073CRITICAL9.8PL ✓ten sam produkt

SQL injection w SeaCMS v13.3 — komponent admin_comment_news.php

CVE-2025-44074CRITICAL9.8PL ✓ten sam produkt

SQL injection w SeaCMS v13.3 — komponent admin_topic.php

CVE-2025-44071CRITICAL9.8PL ✓ten sam produkt

RCE w SeaCMS v13.3 przez komponent phomebak.php

CVE-2025-44072CRITICAL9.8PL ✓ten sam produkt

SQL injection w SeaCMS v13.3 — komponent admin_manager.php

CVE-2025-25520CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SeaCMS — podatny plik admin_pay.php