SeaCMS 12.9 contains a remote code execution vulnerability. It arises because phomebak.php writes some of the variable names passed to it into a PHP file without filtering them first. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions.
History
21 Nov 2024, 09:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://gitee.com/fushuling/cve/blob/master/%20SeaCMS%2012.9%20phomebak.php%20code%20injection.md - Exploit |
01 Aug 2024, 13:57
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 | |
Summary | |
12 Jul 2024, 18:44
Type | Values Removed | Values Added |
---|---|---|
References | () https://gitee.com/fushuling/cve/blob/master/%20SeaCMS%2012.9%20phomebak.php%20code%20injection.md - Exploit | |
CPE | cpe:2.3:a:seacms:seacms:12.9:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown; v3 : 8.8 |
CWE | NVD-CWE-noinfo | |
First Time | Seacms; Seacms seacms |
12 Jul 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-12 16:15
Updated : 2024-11-21 09:31
NVD link : CVE-2024-40522
Mitre link : CVE-2024-40522
CVE.ORG link : CVE-2024-40522
Products Affected
seacms
- seacms
CWE