Seacms · Seacms · CVE-2025-22974
**Name of the Vulnerable Software and Affected Versions**
SeaCMS versions 13.2 and earlier
**Description**
The issue allows a remote attacker to execute arbitrary code via the `DoTranExecSql` parameter in the `phome.php` component. This enables the attacker to perform unauthorized actions on the system.
**Recommendations**
For SeaCMS versions 13.2 and earlier, update to a version that fixes this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.