CRITICAL🇵🇱 Wersja polska

CVE-2025-44073

CVSS 9.8v3.1pub. 2025-05-06upd. 2025-06-12

SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php.

🤖 AI Analysis
How it works

The vulnerability consists of the lack of proper validation and sanitization of input data passed to the admin_comment_news.php component. An attacker can inject malicious SQL code into queries directed to the application's database. Due to the network vector (AV:N), no authentication requirement (PR:N) and no user interaction (UI:N), the exploit can be executed completely remotely.

Impact

An attacker can gain unauthorized access to data stored in the database, modify or delete data, and under favorable conditions take full control of the backend system — which corresponds to high impact on confidentiality, integrity and availability (C:H/I:H/A:H).

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references. Until the fix is implemented, it is recommended to restrict access to the administration panel (including admin_comment_news.php) exclusively to trusted IP addresses at the firewall or web server level.

Who is affected

SeaCMS version 13.3

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Seacms

    APP
    Seacms
    13.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-44071CRITICAL9.8PL ✓ten sam produkt

RCE w SeaCMS v13.3 przez komponent phomebak.php

CVE-2025-44074CRITICAL9.8PL ✓ten sam produkt

SQL injection w SeaCMS v13.3 — komponent admin_topic.php

CVE-2025-44072CRITICAL9.8PL ✓ten sam produkt

SQL injection w SeaCMS v13.3 — komponent admin_manager.php

CVE-2025-29647CRITICAL9.8PL ✓ten sam produkt

SQL injection w SeaCMS v13.3 — komponent admin_tempvideo.php

CVE-2025-25520CRITICAL9.8PL ✓ten sam produkt

SQL Injection w SeaCMS — podatny plik admin_pay.php