CNNVD-202512-3876 Information

Dec 21, 2025 cve

CNNVD ID

CNNVD-202512-3876

CVE-2025-15002

CNNVD Published: 2025-12-21

Description (Chinese)

SeaCMS是海洋CMS（SeaCMS）公司的一套使用PHP编写的免费、开源的网站内容管理系统。该系统主要被设计用来管理视频点播资源。 SeaCMS 13.3及之前版本存在SQL注入漏洞，该漏洞源于文件js/player/dmplayer/dmku/class/mysqli.class.php中未知函数对参数page/limit处理不当，可能导致SQL注入。

Description (English)

SeaCMS is a free, open-source web content management system developed by SeaCMS using PHP. The system is primarily designed to manage video on-demand resources. SeaCMS 13.3 and previous versions have an injection loophole in SQL, which stems from the inappropriate handling of parameters by unknown functions in document js/player/dmplayer/dmku/class/mysqli.class.php, which may result in SQL injection.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

海洋CMS

Published

2025-12-21

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.337707 https://vuldb.com/?submit.716083 https://vuldb.com/?id.337707 https://note-hxlab.wetolink.com/share/VFwALb6qhnTZ https://access.redhat.com/security/cve/cve-2025-15002

Share on: