PT-2024-29404 · Seacms · Seacms
Looppppp
·
Published
2024-08-26
·
Updated
2024-09-05
·
CVE-2024-41444
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SeaCMS versions 11.3 through 12.9
Description
The issue is a SQL injection vulnerability in the
key parameter of the "/js/player/dmplayer/dmku/index.php?ac=so" endpoint. This vulnerability can be exploited to inject malicious SQL code. Users are urged to upgrade to a secure version to mitigate risks.Recommendations
For SeaCMS versions 11.3 through 12.9, upgrade to version 13.0 or later to remediate the issue. As a temporary workaround, consider restricting access to the vulnerable endpoint "/js/player/dmplayer/dmku/index.php?ac=so" until a patch is applied. Avoid using the
key parameter in the affected endpoint until the issue is resolved.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Seacms