CVE-2024-40522

Name of the Vulnerable Software and Affected Versions SeaCMS version 12.9

Description The issue is caused by the phomebak.php file writing variable names passed in without filtering them before writing them into the php file. This allows an authenticated attacker to execute arbitrary commands and obtain system permissions.

Recommendations For SeaCMS version 12.9, consider disabling the phomebak.php file until a patch is available to prevent exploitation. Restrict access to the file to minimize the risk of arbitrary command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.