CVE-2024-40519

Name of the Vulnerable Software and Affected Versions SeaCMS version 12.9

Description The issue is caused by the admin smtp.php file directly splicing and writing user input data into weixin.php without processing it. This allows authenticated attackers to execute arbitrary commands and obtain system permissions.

Recommendations For SeaCMS version 12.9, consider restricting access to the admin smtp.php file and weixin.php to minimize the risk of exploitation. As a temporary workaround, avoid using the admin smtp.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.