PT-2024-28337 · Seacms · Seacms
Published: 2024-07-05 · Updated: 2024-08-01
CVE-2024-39028
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SeaCMS versions <=12.9
Description
An issue in SeaCMS allows remote attackers to execute arbitrary code on the affected system via the "admin ping.php" endpoint.
Recommendations
For SeaCMS versions <=12.9, update to a version greater than 12.9 to resolve the issue. As a temporary workaround, consider restricting access to the "admin ping.php" endpoint until a patch is available.
Exploit
Fix
Command Injection
Affected Products
Seacms