Design/Logic Flaw

2018-09-0218:29:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.7%

SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS.

CPENameOperatorVersion
seacmseq6.61

CPE	Name	Operator	Version
	seacms	eq	6.61

References

zhinianyuxin.postach.io/post/seacms-v6-61-latest-version-backend-rce

github.com/cumtxujiabin/CmsPoc/blob/master/Seacms_v6.61_backend_RCE.md