PT-2025-3083 · Seacms · Seacms
小冷爱学习!
·
Published
2025-01-06
·
Updated
2025-01-07
·
CVE-2024-54880
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
SeaCMS version 13.1
Description
SeaCMS version 13.1 has an Incorrect Access Control issue: a logic flaw can be exploited to let any user register accounts in bulk, so an attacker can create multiple accounts at once.
Recommendations
For SeaCMS version 13.1, as a temporary workaround, consider restricting the account registration process to prevent bulk registrations until a patch is available.
Exploit
Fix
Improper Preservation of Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Seacms