SeaCMS Cross-Site Request Forgery Vulnerability in admin_type.php

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in SeaCMS versions prior to 13.2. The issue resides in the file admin_type.php; the affected functionality is not specified. The vulnerability can be exploited remotely and requires user interaction from the victim.

Impact

Exploitation of this vulnerability allows cross-site request forgery: an attacker can trick a user into performing actions they did not intend.
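
For defenders, the following added example (not part of the original advisory and not SeaCMS code) scans web server access logs for requests to admin_type.php whose Referer points to a different host, which is what a forged cross-site request typically looks like. The log lines, host names, the /admin/ path and the demo query string are constructed for illustration; the combined log format is assumed.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines (combined log format); hosts, paths and query are assumptions.
SAMPLE_LOG = """\
203.0.113.7 - - [29/Jun/2025:16:01:10 +0000] "GET /admin/admin_type.php HTTP/1.1" 200 5120 "https://cms.example.test/admin/index.php" "Mozilla/5.0"
203.0.113.7 - - [29/Jun/2025:16:03:42 +0000] "POST /admin/admin_type.php?demo=1 HTTP/1.1" 302 0 "https://other.example.net/page.html" "Mozilla/5.0"
203.0.113.7 - - [29/Jun/2025:16:05:00 +0000] "POST /admin/admin_type.php?demo=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [29/Jun/2025:16:06:00 +0000] "GET /index.php HTTP/1.1" 200 900 "https://other.example.net/" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)

def classify(line, site_host, script="admin_type.php"):
    """Return 'cross-site', 'no-referer', or None for one access-log line."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable line: not a finding
    path = urlsplit(m["target"]).path
    if path.rsplit("/", 1)[-1].lower() != script:
        return None  # request is not for the affected script
    referer = m["referer"]
    if referer in ("", "-"):
        # A non-GET request with no Referer is worth a look; a bare GET is
        # usually a typed URL or bookmark, so it is not reported.
        return "no-referer" if m["method"] != "GET" else None
    ref_host = (urlsplit(referer).hostname or "").lower()
    return None if ref_host == site_host.lower() else "cross-site"

def scan(log_text, site_host):
    """Collect (verdict, timestamp, method, target, referer) for flagged lines."""
    findings = []
    for line in log_text.splitlines():
        verdict = classify(line, site_host)
        if verdict:
            m = LINE_RE.match(line)
            findings.append((verdict, m["ts"], m["method"], m["target"], m["referer"]))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, "cms.example.test"):
        print(*finding, sep=" | ")
```

Referer can be stripped by browsers or referrer policies, so this is a triage heuristic for log review, not a substitute for upgrading to 13.2 or later.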

Reproduction

To reproduce this vulnerability, locate a SeaCMS installation that is running a version prior to 13.2. The vulnerability can be found by searching for 'admin_type.php' using Google Hacking techniques. Once a vulnerable target is identified, an exploit can be executed that takes advantage of the CSRF flaw.

Added: Jun 29, 2025, 4:16 PM
Updated: Jun 29, 2025, 4:16 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 0.6
exploitability: 7.9
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.