SQL Injection Vulnerability in SeaCMS v12.9 by SeaCMS Vendor
CVE-2024-41444

9.8CRITICAL

Key Information:

Vendor
Seacms
Status
Seacms
Vendor
CVE Published:
26 August 2024

Summary

SeaCMS v12.9 is susceptible to a SQL injection vulnerability that occurs in the key parameter within the endpoint /js/player/dmplayer/dmku/index.php?ac=so. This security flaw allows an attacker to manipulate SQL queries by injecting malicious code, potentially leading to unauthorized access to sensitive data, database alteration, and other forms of exploitation. Proper input validation and parameterized queries are crucial to mitigate this vulnerability and safeguard affected systems.

References

https://github.com/seacms-net/CMS
https://www.seacms.net/p-549
https://gist.github.com/looppppp/fa328c81ce19c1097d10f95c...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-41444 : SQL Injection Vulnerability in SeaCMS v12.9 by SeaCMS Vendor | SecurityVulnerability.io