CVE-2024-40518

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.
Configurations

Configuration 1 (hide)

cpe:2.3:a:seacms:seacms:12.9:*:*:*:*:*:*:*

History

21 Nov 2024, 09:31

Type Values Removed Values Added
References () https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_weixin.php%20code%20injection.md - Exploit () https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_weixin.php%20code%20injection.md - Exploit

01 Aug 2024, 13:57

Type Values Removed Values Added
Summary
  • (es) SeaCMS 12.9 tiene una vulnerabilidad de ejecución remota de código. La vulnerabilidad es causada porque admin_weixin.php empalma y escribe directamente los datos de entrada del usuario en weixin.php sin procesarlos, lo que permite a atacantes autenticados explotar la vulnerabilidad para ejecutar comandos arbitrarios y obtener permisos del sistema.
CWE CWE-20

12 Jul 2024, 18:45

Type Values Removed Values Added
References () https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_weixin.php%20code%20injection.md - () https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_weixin.php%20code%20injection.md - Exploit
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
First Time Seacms
Seacms seacms
CPE cpe:2.3:a:seacms:seacms:12.9:*:*:*:*:*:*:*

12 Jul 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-12 16:15

Updated : 2024-11-21 09:31


NVD link : CVE-2024-40518

Mitre link : CVE-2024-40518

CVE.ORG link : CVE-2024-40518


JSON object : View

Products Affected

seacms

  • seacms
CWE
NVD-CWE-noinfo CWE-20

Improper Input Validation