CVE-2024-40520

Name of the Vulnerable Software and Affected Versions SeaCMS version 12.9

Description The issue is caused by the admin config mark.php file directly splicing and writing user input data into inc photowatermark config.php without processing it. This allows authenticated attackers to execute arbitrary commands and obtain system permissions.

Recommendations For SeaCMS version 12.9, consider disabling the admin config mark.php file or restricting its access until a patch is available to prevent exploitation. Additionally, restrict write access to the inc photowatermark config.php file to minimize the risk of arbitrary command execution.