An issue exists in SeaCMS version 12.9, allows remote malicious users to execute arbitrary code via admin notify.php.