CVE-2024-40518

Name of the Vulnerable Software and Affected Versions SeaCMS version 12.9

Description The issue is caused by admin weixin.php directly splicing and writing user input data into weixin.php without processing it. This allows authenticated attackers to execute arbitrary commands and obtain system permissions.

Recommendations For SeaCMS version 12.9, consider restricting access to admin weixin.php and weixin.php to minimize the risk of exploitation. Avoid using unprocessed user input data in these files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.