CVE-2018-16821

Name of the Vulnerable Software and Affected Versions SeaCMS version 6.64

Description The issue allows for arbitrary directory listing. This can be achieved through specific requests to the upload/admin/admin template.php endpoint, where the path parameter is manipulated to access directories outside the intended scope, such as ../templets/../../.

Recommendations For SeaCMS version 6.64, consider restricting access to the upload/admin/admin template.php endpoint until a patch is available, or apply configuration changes to limit the path parameter's ability to traverse directories.