CVE-2025-15002 | SeaCMS up to 13.3 mysqli.class.php page/limit sql injection

December 21, 2025 Yanac

A vulnerability described as critical has been identified in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection.

This vulnerability is documented as CVE-2025-15002. The attack can be executed remotely. Additionally, an exploit exists.VulDB Recent EntriesRead More