An issue in SeaCMS v.12.8 allows an malicious user to execute arbitrary code via the admin_ notify.php component.
seacms seacms