SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php.
The vulnerability consists of insufficient validation and sanitization of user-supplied input data provided to the admin_tempvideo.php component in SeaCMS v13.3. An attacker can inject malicious SQL code into queries directed to the database, allowing their unintended execution. The attack is possible remotely, without authentication, over the network (AV:N, PR:N), which significantly increases the risk level.
An attacker can gain unauthorized access to sensitive data, modify or delete database content, and under favorable conditions take full control of the application and database system. The vulnerability threatens the confidentiality, integrity, and availability of the system.
Patches available from the manufacturer should be applied in accordance with the references. Until the patch is deployed, it is recommended to restrict access to the SeaCMS administration panel through a firewall or network-level access control.
SeaCMS version 13.3 (admin_tempvideo.php component)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSeacms
APPSeacms13.3
Related vulnerabilities
SQL injection w SeaCMS v13.3 — komponent admin_comment_news.php
SQL injection w SeaCMS v13.3 — komponent admin_topic.php
RCE w SeaCMS v13.3 przez komponent phomebak.php
SQL injection w SeaCMS v13.3 — komponent admin_manager.php
SQL Injection w SeaCMS — podatny plik admin_pay.php