PT-2018-13763 · Seacms · Seacms

Published

2018-09-21

Updated

2018-11-07

CVE-2018-16822

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SeaCMS version 6.64

Description The issue allows SQL Injection via the order parameter in the upload/admin/admin video.php endpoint.

Recommendations For SeaCMS version 6.64, consider restricting access to the upload/admin/admin video.php endpoint until a patch is available, and avoid using the order parameter in this endpoint to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2018-16822

Affected Products

Seacms

PT-2018-13763 · Seacms · Seacms

CVE-2018-16822

Weakness Enumeration

Related Identifiers

Affected Products

References · 4