Lucene search
CVE-2018-14910
SeaCMS v6.61 allows Remote Code execution via placing PHP code in an allowed IP address to /admin/admin_ip.php
Show more
| Reporter | Title | Published | Views | Family All 3 |
|---|---|---|---|---|
 | CVE-2018-14910 | 3 Aug 201819:00 | – | cvelist |
 | CVE-2018-14910 | 3 Aug 201819:29 | – | nvd |
 | Cross site request forgery (csrf) | 3 Aug 201819:29 | – | prion |
| Source | Link |
|---|---|
| github | www.github.com/MichaelWayneLIU/seacms/blob/master/seacms2.md |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| ip | path | /admin/admin_ip.php | Remote Code Execution vulnerability allows PHP code execution when provided IP is allowed. | CWE-94, CWE-352 |
| ip | path | /adm1n/admin_ip.php | Remote Code Execution vulnerability allows PHP code execution when provided IP is allowed. | CWE-94, CWE-352 |
| ip | path | /data/admin/ip.php | Remote Code Execution vulnerability allows PHP code execution when provided IP is allowed. | CWE-94, CWE-352 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo03 Aug 2018 19:29Current
8.9High risk
Vulners AI Score8.9
CVSS26.8
CVSS38.8
EPSS0.02892