SeaCMS v13.1 Vulnerable to Server-Side Request Forgery (SSRF)
CVE-2024-44721

Currently unrated

Key Information:

Vendor: SeaCMS
Status: Seacms
Vendor: CVE Published:; 9 September 2024

Summary

A vulnerability has been identified in SeaCMS v13.1 that exposes the system to Server-Side Request Forgery (SSRF) attacks. This flaw arises from the improper handling of the url parameter in the /admin_reslib.php file, allowing malicious users to send unauthorized requests from the server. As a result, attackers could potentially access sensitive internal resources, leading to information disclosure or further exploitation. Organizations using this version of SeaCMS should take immediate action to mitigate the risks associated with this vulnerability.

References

https://github.com/seacms-net/CMS/issues/23

Timeline

Vulnerability published
Sep 9, 2024
Vulnerability Reserved
Aug 21, 2024