Arbitrary Code Execution Vulnerability in SeaCMS by SeaCMS Inc.
CVE-2023-44846

8.8HIGH

Key Information:

Vendor
Seacms
Status
Seacms
Vendor
CVE Published:
10 October 2023

Summary

A vulnerability in SeaCMS version 12.8 allows attackers to execute arbitrary code through the admin_notify.php component. This weakness enables malicious actors to execute unauthorized commands on the server, posing significant risks to system integrity and data security. Users of affected versions should take immediate action to mitigate potential threats.

References

https://blog.csdn.net/2301_79997870/article/details/13336...
https://blog.csdn.net/2301_79997870/article/details/13366...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-44846 : Arbitrary Code Execution Vulnerability in SeaCMS by SeaCMS Inc. | SecurityVulnerability.io