CVE-2024-40518

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_weixin.php%20code%20injection.md	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:seacms:seacms:12.9:*:*:*:*:*:*:*

History

01 Aug 2024, 13:57

Type	Values Removed	Values Added
Summary		(es) SeaCMS 12.9 tiene una vulnerabilidad de ejecución remota de código. La vulnerabilidad es causada porque admin_weixin.php empalma y escribe directamente los datos de entrada del usuario en weixin.php sin procesarlos, lo que permite a atacantes autenticados explotar la vulnerabilidad para ejecutar comandos arbitrarios y obtener permisos del sistema.
CWE		CWE-20

12 Jul 2024, 18:45

Type	Values Removed	Values Added
CPE		cpe:2.3:a:seacms:seacms:12.9:::::::*
References	~~() https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_weixin.php%20code%20injection.md -~~	() https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_weixin.php%20code%20injection.md - Exploit
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
First Time		Seacms Seacms seacms

12 Jul 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-12 16:15

Updated : 2024-08-01 13:57

NVD link : CVE-2024-40518

Mitre link : CVE-2024-40518

CVE.ORG link : CVE-2024-40518

JSON object : View

Products Affected

seacms

seacms

CWE

NVD-CWE-noinfo CWE-20

Improper Input Validation

{"id": "CVE-2024-40518", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-07-12T16:15:04.850", "references": [{"url": "https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_weixin.php%20code%20injection.md", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions."}, {"lang": "es", "value": "SeaCMS 12.9 tiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. La vulnerabilidad es causada porque admin_weixin.php empalma y escribe directamente los datos de entrada del usuario en weixin.php sin procesarlos, lo que permite a atacantes autenticados explotar la vulnerabilidad para ejecutar comandos arbitrarios y obtener permisos del sistema."}], "lastModified": "2024-08-01T13:57:35.120", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:seacms:seacms:12.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A52C0BF-703A-4BF0-A5A9-E3995C30FE0D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}