Remote Code Execution Vulnerability in SeaCMS 13.2 via MySQL Slow Query
CVE-2024-46640

Currently unrated

Key Information:

Vendor: SeaCMS
Status: Seacms
Vendor: CVE Published:; 20 September 2024

Summary

SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although the system has a check function, the check function is not executed during execution, allowing remote code execution by writing to the file through the MySQL slow query method.

References

https://gitee.com/zheng_botong/CVE-2024-46640

Timeline

Vulnerability published
Sep 20, 2024