CVE-2018-14421
SeaCMS v6.61 contains a Remote Code Execution vulnerability. An attacker can place PHP code in the movie picture address (v_pic) passed to /admin/admin_video.php (aka /backend/admin_video.php), which gets executed when visiting /details/index.php. The issue can also be exploited via CSRF, enablin...