SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.
History

Thu, 22 Aug 2024 17:45:00 +0000

Type Values Removed Values Added
References

Thu, 22 Aug 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Seacms
Seacms seacms
Weaknesses CWE-94
CPEs cpe:2.3:a:seacms:seacms:*:*:*:*:*:*:*:*
Vendors & Products Seacms
Seacms seacms
Metrics cvssV3_1

{'score': 6.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 20 Aug 2024 16:00:00 +0000

Type Values Removed Values Added
Description SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-08-20T00:00:00

Updated: 2024-08-22T17:35:14.193524

Reserved: 2024-08-05T00:00:00

Link: CVE-2024-42598

cve-icon Vulnrichment

Updated: 2024-08-22T15:12:06.886Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-08-20T16:15:11.727

Modified: 2024-08-22T18:15:10.187

Link: CVE-2024-42598

cve-icon Redhat

No data.