CVE-2025-15003

Summary

A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file admin_video.php. Performing a manipulation of the argument e_id results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

Affected Software

VendorProductVersion RangeStatus
n/aSeaCMS13.0affected
n/aSeaCMS13.1affected
n/aSeaCMS13.2affected
n/aSeaCMS13.3affected

Weaknesses

  • CWE-89: SQL Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References