An issue was discovered in SeaCMS through 6.61. adm1n/admin_database.php allows remote attackers to delete arbitrary files via directory traversal sequences in the bakfiles parameter. This can allow the product to be reinstalled by deleting install_lock.txt.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| seamcms | seacms | * |