SeaCMS Remote Code Execution Vulnerability in admin_template.php

Vulnerability

A remote code execution vulnerability exists in SeaCMS version 13.3 within the admin_template.php file. The issue arises because the file allows path traversal, enabling an attacker to write PHP code into certain file types, which can then be executed on the server.

Impact

Exploitation of this vulnerability allows for remote code execution on the server with the privileges of the web server user.

Reproduction

To reproduce this vulnerability, send a POST request to '0omeqd/admin_template.php' with the 'action=saveCus' parameter. Include a 'filedir' parameter that traverses to '0omeqd/templets/admin_template.htm' and a 'content' parameter with the PHP code to be executed, such as '<?php phpinfo();?>'. After the file is saved, the injected code can be executed by sending a request with 'action=add', which includes the 'admin_template.htm' file, thereby executing the PHP code.
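A defender-side detection check for the request pattern just described, added here as an example that is not part of the advisory or of SeaCMS itself: it runs over constructed, hypothetical request records (the path and parameter names are taken from the description above, the traffic is not captured data) and flags a saveCus template write whose filedir traverses, targets a PHP-executable file type, or whose content carries a PHP open tag.

```python
import re
from urllib.parse import parse_qs, unquote

# Constructed, hypothetical request records for this example (not captured traffic):
# the saveCus write described above, a benign template write, and the action=add step.
SAMPLE_REQUESTS = [
    {"method": "POST", "path": "/0omeqd/admin_template.php",
     "body": "action=saveCus&filedir=../templets/admin_template.htm"
             "&content=%3C%3Fphp+phpinfo%28%29%3B%3F%3E"},
    {"method": "POST", "path": "/0omeqd/admin_template.php",
     "body": "action=saveCus&filedir=templets/custom/footer.htm"
             "&content=%3Cdiv%3Efooter%3C%2Fdiv%3E"},
    {"method": "GET", "path": "/0omeqd/admin_template.php?action=add", "body": ""},
]

TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")  # a ".." path segment
PHP_OPEN_TAG = re.compile(r"<\?(php|=)", re.IGNORECASE)  # incl. the short echo tag


def decode_deep(value, rounds=2):
    """Strip extra percent-encoding layers so %252e%252e%252f still reads as '../'."""
    for _ in range(rounds):
        value = unquote(value)
    return value


def inspect_request(req):
    """Return the reasons a request looks like a template-write abuse ([] if none)."""
    path, _, query = req["path"].partition("?")
    if not path.lower().endswith("/admin_template.php"):
        return []
    # parse_qs already decodes one layer of percent-encoding and '+'.
    params = parse_qs(query + "&" + req["body"], keep_blank_values=True)
    first = lambda key: params.get(key, [""])[0]
    if first("action") != "saveCus":
        return []
    filedir = decode_deep(first("filedir"))
    content = decode_deep(first("content"))
    reasons = []
    if TRAVERSAL.search(filedir):
        reasons.append("filedir contains a path traversal sequence")
    if filedir.lower().endswith((".php", ".phtml", ".phar")):
        reasons.append("filedir targets a PHP-executable file type")
    if PHP_OPEN_TAG.search(content):
        reasons.append("content carries a PHP open tag")
    return reasons


def flagged_requests(requests):
    """Indexes of the requests that produced at least one reason."""
    return [i for i, req in enumerate(requests) if inspect_request(req)]
```

Only the first constructed record is flagged; a legitimate write to a template under templets/ with plain HTML content passes, as does the later action=add request, which on its own carries nothing to match on.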

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread          1.0
impact         10.0
exploitability  9.7
remediation     0.0
relevance       0.0
threat          6.4
urgency         2.9
incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.