SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.
Metrics
Affected Vendors & Products
References
History
Thu, 22 Aug 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 22 Aug 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Seacms
Seacms seacms |
|
Weaknesses | CWE-94 | |
CPEs | cpe:2.3:a:seacms:seacms:*:*:*:*:*:*:*:* | |
Vendors & Products |
Seacms
Seacms seacms |
|
Metrics |
cvssV3_1
|
Tue, 20 Aug 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-08-20T00:00:00
Updated: 2024-08-22T17:35:14.193524
Reserved: 2024-08-05T00:00:00
Link: CVE-2024-42598
Vulnrichment
Updated: 2024-08-22T15:12:06.886Z
NVD
Status : Awaiting Analysis
Published: 2024-08-20T16:15:11.727
Modified: 2024-08-22T18:15:10.187
Link: CVE-2024-42598
Redhat
No data.