Arbitrary Code Execution Vulnerability in SeaCMS by SeaCMS Inc.
CVE-2023-44846

8.8HIGH

Key Information:

Vendor: Seacms
Status: Seacms
Vendor: CVE Published:; 10 October 2023

What is CVE-2023-44846?

A vulnerability in SeaCMS version 12.8 allows attackers to execute arbitrary code through the admin_notify.php component. This weakness enables malicious actors to execute unauthorized commands on the server, posing significant risks to system integrity and data security. Users of affected versions should take immediate action to mitigate potential threats.

References

https://blog.csdn.net/2301_79997870/article/details/13336...

https://blog.csdn.net/2301_79997870/article/details/13366...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2023
Vulnerability Reserved
Oct 2, 2023

Seacms

What is CVE-2023-44846?

References

CVSS V3.1

Timeline