VYPR
High severity8.8NVD Advisory· Published Jul 20, 2018· Updated Jun 17, 2026

CVE-2018-14421

CVE-2018-14421

Description

SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF.

Affected products

2
  • Seacms/Seacmsinferred2 versions
    = 6.61+ 1 more
    • (no CPE)range: = 6.61
    • (no CPE)range: =6.61

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.