Seacms · Seacms · CVE-2024-40519
**Name of the Vulnerable Software and Affected Versions**
SeaCMS version 12.9
**Description**
The `admin smtp.php` file splices user input directly into `weixin.php` and writes it without any processing. This allows authenticated attackers to execute arbitrary commands and obtain system permissions.
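The pattern described above, user input concatenated into a PHP file that is later executed, is shown here next to a hardened form. This is an added illustration, not SeaCMS code: the function names, setting keys, file path and sample values are all hypothetical.

```php
<?php
// Added illustration, not SeaCMS source. All function names, setting keys
// and sample values are hypothetical and constructed for this example.

// Unsafe pattern: request values are concatenated into PHP source text, so a
// value containing a double quote ends the string literal early and the rest
// of the value is parsed as code when the file is later included.
function write_settings_unsafe(string $path, array $input): void
{
    $src = "<?php\n";
    foreach ($input as $key => $value) {
        $src .= '$' . $key . ' = "' . $value . "\";\n";
    }
    file_put_contents($path, $src);
}

// Hardened form: fixed key allow-list, string-only values, and var_export()
// to emit each value as an escaped PHP literal instead of raw text.
const ALLOWED_KEYS = ['smtp_host', 'smtp_user', 'smtp_pass'];

function write_settings_safe(string $path, array $input): void
{
    $settings = [];
    foreach (ALLOWED_KEYS as $key) {
        if (isset($input[$key]) && is_string($input[$key])) {
            $settings[$key] = $input[$key];
        }
    }
    $src = "<?php\nreturn " . var_export($settings, true) . ";\n";
    $tmp = $path . '.tmp';
    file_put_contents($tmp, $src, LOCK_EX); // write fully, then swap in
    rename($tmp, $path);
}

// Constructed input: quotes, a backslash and a "$" must survive as data, and
// the key outside the allow-list must be dropped.
$input = [
    'smtp_host' => 'mail.example.test',
    'smtp_pass' => 'p"a\'ss\\w$rd',
    'unexpected' => 'ignored',
];
$path = sys_get_temp_dir() . '/settings_demo.php';
write_settings_safe($path, $input);
$loaded = include $path;
var_dump($loaded['smtp_pass'] === $input['smtp_pass']);
var_dump(array_key_exists('unexpected', $loaded));
unlink($path);
```

Storing such settings in a non-executable format (for example JSON read with `json_decode`) removes the code-generation step entirely.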
**Recommendations**
For SeaCMS version 12.9, consider restricting access to the `admin smtp.php` file and `weixin.php` to minimize the risk of exploitation. As a temporary workaround, avoid using the `admin smtp.php` file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.