CVE-2017-17561

2017-12-1218:00:00

mitre

www.cve.org

seacms

remote code execution

authenticated administrators

php code

admin_ping.php

data/admin/ping.php

AI Score

7.1

Confidence

High

EPSS

0.004

Percentile

73.1%

JSON

SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php.

References

www.jianshu.com/p/35af80b97ee6

gist.github.com/WangYihang/9507e2efdceb67a5bc2761200f19f213