CVE-2024-29275

Name of the Vulnerable Software and Affected Versions SeaCMS version 12.9

Description The issue allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php. This enables attackers to potentially access and manipulate sensitive data without proper authorization.

Recommendations For SeaCMS version 12.9, consider restricting access to the id parameter in class.php until a patch is available. As a temporary workaround, disabling the execution of arbitrary code via the id parameter can help minimize the risk of exploitation.