CVE-2018-14910: CSRF
First published: Fri Aug 03 2018(Updated: )
SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Seacms Seacms | =6.61 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2018-14910.
What is the severity of CVE-2018-14910?
The severity of CVE-2018-14910 is high.
Which software version is affected?
SeaCMS v6.61 is affected by this vulnerability.
How can this vulnerability be exploited?
This vulnerability can be exploited by placing PHP code in an allowed IP address to /admin/admin_ip.php or data/admin/ip.php and then visiting those URLs.
Is there a fix available for CVE-2018-14910?
The fix for CVE-2018-14910 is not specified in the provided information. It is recommended to check the official vendor's website or contact them for a patch or workaround.
- collector/nvd-index
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/tags
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- vendor/seacms
- canonical/seacms seacms
- version/seacms seacms/6.61