Pysnow1

**Name of the Vulnerable Software and Affected Versions** SeaCMS version 12.9 **Description** The issue is caused by an unauthorized SQL injection through the `cid` parameter at the "/js/player/dmplayer/dmku/index.php?ac=edit" API endpoint, which can lead to the leakage of sensitive database information. **Recommendations** For SeaCMS version 12.9, as a temporary workaround, consider restricting access to the "/js/player/dmplayer/dmku/index.php?ac=edit" API endpoint to minimize the risk of exploitation. Avoid using the `cid` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.