There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-07-12T00:00:00

Updated: 2024-08-02T04:33:11.580Z

Reserved: 2024-07-05T00:00:00

Link: CVE-2024-40522

cve-icon Vulnrichment

Updated: 2024-07-23T20:13:44.997Z

cve-icon NVD

Status : Modified

Published: 2024-07-12T16:15:05.080

Modified: 2024-08-01T13:57:36.927

Link: CVE-2024-40522

cve-icon Redhat

No data.