Michaelwayneliu

**Name of the Vulnerable Software and Affected Versions** SeaCMS versions through 6.61 **Description** An issue in SeaCMS allows remote attackers to delete arbitrary files via directory traversal sequences in the `bakfiles` parameter in the 'adm1n/admin database.php' endpoint. This can lead to the product being reinstalled by deleting 'install lock.txt'. **Recommendations** For SeaCMS versions through 6.61, consider restricting access to the 'adm1n/admin database.php' endpoint to prevent exploitation, and avoid using the `bakfiles` parameter until the issue is resolved.