Arbitrary File Write Vulnerability in SeaCMS 12.9 by SeaCMS
CVE-2023-44172

9.8CRITICAL

Key Information:

Vendor
Seacms
Status
Seacms
Vendor
CVE Published:
27 September 2023

Summary

SeaCMS version 12.9 has a significant security flaw that allows unauthorized users to exploit an arbitrary file write vulnerability through the admin_weixin.php component. This weakness could enable attackers to manipulate files on the server, potentially compromising sensitive data or disrupting services. Organizations using SeaCMS 12.9 should assess their security posture and apply necessary updates or mitigations to safeguard against potential exploits.

References

https://github.com/H3ppo/vulnerabilities/blob/main/SeaCMS...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-44172 : Arbitrary File Write Vulnerability in SeaCMS 12.9 by SeaCMS | SecurityVulnerability.io