SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-08-03T19:00:00
Updated: 2024-08-05T09:46:24.720Z
Reserved: 2018-08-03T00:00:00
Link: CVE-2018-14910
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-08-03T19:29:00.433
Modified: 2024-11-21T03:50:04.210
Link: CVE-2018-14910
Redhat
No data.