CVE-2020-27461

HIGH

SEOPanel 4.6.0 - Authenticated Remote Code Execution via Import Website File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-27461. PoCs published by Kiko Andreu.

AI-analyzed exploit summary This exploit demonstrates a Remote Code Execution (RCE) vulnerability in SEO Panel 4.6.0 by uploading a malicious PHP file through an authenticated file upload feature. The exploit then allows arbitrary command execution via a webshell.

Description

A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed for 4.7.0. This vulnerability allowed for remote code execution through an authenticated file upload via the Settings Panel>Import website function.

Exploits (1)

exploitdb WORKING POC

by Kiko Andreu · pythonwebappsphp

https://www.exploit-db.com/exploits/48862

View Code ZIP pw:eip

This exploit demonstrates a Remote Code Execution (RCE) vulnerability in SEO Panel 4.6.0 by uploading a malicious PHP file through an authenticated file upload feature. The exploit then allows arbitrary command execution via a webshell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SEO Panel 4.6.0

Auth required

Prerequisites: Valid credentials for the SEO Panel application · Network access to the target application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Product x_refsource_misc

https://www.seopanel.org/

Patch, Third Party Advisory x_refsource_misc

https://sourceforge.net/projects/seopanel/files/seopanel.v.4.6.0.zip/download

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/48862

Scores

CVSS v3 8.8

EPSS 0.0374

EPSS Percentile 88.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

seopanel/seopanel 4.6.0

Published Aug 20, 2021

Tracked Since Feb 18, 2026