There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-07-12T00:00:00
Updated: 2024-08-02T04:33:11.580Z
Reserved: 2024-07-05T00:00:00
Link: CVE-2024-40522
Vulnrichment
Updated: 2024-07-23T20:13:44.997Z
NVD
Status : Modified
Published: 2024-07-12T16:15:05.080
Modified: 2024-11-21T09:31:15.230
Link: CVE-2024-40522
Redhat
No data.