CVE-2024-42599
Last modified
CVE-2024-42599 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.. EPSS estimates a 1.44% chance of exploitation in the next 30 days.
Description
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Seacms | Seacms | 13.0 |
References
- https://gitee.com/fushuling/cve/blob/master/CVE-2024-42599.mdExploit, Third Party Advisory
- https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_files.php%20code%20injection.mdExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-42599?
How severe is CVE-2024-42599?
How do I fix CVE-2024-42599?
Are you affected by CVE-2024-42599?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST