CVE-2024-39027

Name of the Vulnerable Software and Affected Versions SeaCMS version 12.9

Description The issue is caused by an unauthorized SQL injection through the cid parameter at the "/js/player/dmplayer/dmku/index.php?ac=edit" API endpoint, which can lead to the leakage of sensitive database information.

Recommendations For SeaCMS version 12.9, as a temporary workaround, consider restricting access to the "/js/player/dmplayer/dmku/index.php?ac=edit" API endpoint to minimize the risk of exploitation. Avoid using the cid parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.