Remote Code Execution Vulnerability in SeaCMS 12.9 by Fushuling
CVE-2024-40519

8.8HIGH

Key Information:

Vendor: Seacms
Status: Seacms
Vendor: CVE Published:; 12 July 2024

Summary

The SeaCMS 12.9 version contains a remote code execution vulnerability due to improper handling of user input in the admin_smtp.php file. This occurs when user data is directly spliced and written into weixin.php without adequate validation or sanitization. As a result, authenticated attackers can exploit this flaw to execute arbitrary commands, potentially granting them unauthorized access to system resources and permissions.

References

https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 12, 2024
Vulnerability Reserved
Jul 5, 2024