cvedb.io
CVE-2018-14421
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2018-07-20T01:29:01.940 · Last modified 2026-06-17T01:40:57.887

Summary

SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF.

Affected products

seacms — seacms

Does this affect you?

Add your gear to cvedb and we'll alert you only when seacms ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.