CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-14421

SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.9%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

http://hexo.imagemlt.xyz/post/seacms-backend-getshell/index.html
http://hexo.imagemlt.xyz/post/seacms-backend-getshell/index.html

Products affected by CVE-2018-14421

Seacms » Seacms » Version: 6.61

cpe:2.3:a:seacms:seacms:6.61

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-14421

Products

Pricing

Contact Us