PT-2018-13508 · Seacms · Seacms
Jas0Nwhy
·
Published
2018-09-02
·
Updated
2018-10-25
·
CVE-2018-16348
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SeaCMS version 6.61
Description
The issue is related to a problem where an attacker can execute arbitrary code via the
v content parameter in the admin video.php file, which is linked to the site name.Recommendations
For SeaCMS version 6.61, avoid using the
v content parameter in the admin video.php file until a fix is available. As a temporary workaround, consider restricting access to the admin video.php file to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Seacms