Thekingofduck

**Name of the Vulnerable Software and Affected Versions** SeaCMS versions 6.64 through 7.2 **Description** The issue allows remote attackers to delete arbitrary files. This is achieved via the `filedir` parameter. **Recommendations** For SeaCMS versions 6.64 through 7.2, avoid using the `filedir` parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.