CRITICAL🇵🇱 Wersja polska

CVE-2025-44074

CVSS 9.8v3.1pub. 2025-05-05upd. 2025-05-13

SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php.

🤖 AI Analysis
How it works

The SQL injection vulnerability (CWE-89) involves insufficient validation or filtering of input data passed to the admin_topic.php component. An attacker can inject malicious SQL code directly into a query executed by the application, manipulating data passed to the database. Due to the AV:N/AC:L/PR:N/UI:N vector, the attack can be performed remotely, without authentication and without user interaction.

Impact

An attacker can obtain unauthorized access to data stored in the database, as well as modify or delete data and potentially take control of the database system, which threatens the confidentiality, integrity, and availability of the application.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references. It is also recommended to restrict access to the admin panel (admin_topic.php) exclusively to trusted IP addresses and implement firewall rules blocking unauthorized access to administrative resources.

Who is affected

SeaCMS version 13.3

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Seacms

    APP
    Seacms
    13.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-44073CRITICAL9.8PL ✓ten sam produkt

SQL injection w SeaCMS v13.3 — komponent admin_comment_news.php

CVE-2025-44071CRITICAL9.8PL ✓ten sam produkt

RCE w SeaCMS v13.3 przez komponent phomebak.php

CVE-2025-44072CRITICAL9.8PL ✓ten sam produkt

SQL injection w SeaCMS v13.3 — komponent admin_manager.php

CVE-2025-29647CRITICAL9.8PL ✓ten sam produkt

SQL injection w SeaCMS v13.3 — komponent admin_tempvideo.php

CVE-2025-25520CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SeaCMS — podatny plik admin_pay.php