PT-2024-28897 · Seacms · Seacms

Published: 2024-07-12 · Updated: 2024-09-23 · CVE-2024-40521

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SeaCMS version 12.9

Description

The issue is a remote code execution vulnerability. It arises because attackers can bypass the restrictions that admin_template.php imposes on edited files, allowing them to write code and execute arbitrary commands to gain system privileges. This vulnerability is being actively exploited.

Recommendations

For SeaCMS version 12.9, as a temporary workaround, consider restricting access to the admin_template.php file until a patch is available. Additionally, monitor system privileges closely to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Weakness Enumeration

Related Identifiers: CVE-2024-40521

Affected Products: Seacms