Code Injection Vulnerability in SeaCms Notification Module
CVE-2024-50808

8.8HIGH

Key Information:

Vendor
SeaCms
Status
SeaCms
Vendor
CVE Published:
8 November 2024

Summary

The notification module in SeaCms 13.1 is prone to a code injection vulnerability. This arises from the improper handling of the 'notify' variable in the admin_notify.php file, which can allow an attacker to execute arbitrary code through crafted input. Web administrators using this version should urgently apply patches or updates provided by SeaCms to mitigate risks. For more details on remediation and technical specifics, visit the official SeaCms website or relevant resources.

References

http://seacms.com
https://github.com/v9d0g/CVEs/blob/main/CVE-2024-50808.md

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-50808 : Code Injection Vulnerability in SeaCms Notification Module | SecurityVulnerability.io