Remote Code Execution Vulnerability in SeaCMS 12.9 by Fushuling
CVE-2024-40522

8.8HIGH

Key Information:

Vendor: Seacms
Status: Seacms
Vendor: CVE Published:; 12 July 2024

What is CVE-2024-40522?

A remote code execution vulnerability exists in SeaCMS 12.9, stemming from the file phomebak.php, which fails to properly filter variable names before writing them into a PHP file. This oversight enables authenticated attackers to manipulate the input and execute arbitrary commands on the server, potentially compromising system permissions and integrity. Organizations using SeaCMS 12.9 must evaluate their systems for this vulnerability and implement necessary security measures to mitigate risks.

References

https://gitee.com/fushuling/cve/blob/master/%20SeaCMS%201...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 12, 2024
Vulnerability Reserved
Jul 5, 2024

Seacms

What is CVE-2024-40522?

References

CVSS V3.1

Timeline