Back

CVE-2024-42598

Aug. 20, 2024, 4:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

SeaCMS

  • 13.0

Source

cve@mitre.org

Tags

cve@mitre.org
2024-08-20
CVE-2024-42598

CVE-2024-42598 details

Published : Aug. 20, 2024, 4:15 p.m.
Last Modified : Aug. 20, 2024, 4:15 p.m.

Description

SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_editplayer.php%20code%20injection.md cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.