CVE-2024-42598

Name of the Vulnerable Software and Affected Versions SeaCMS version 13.0

Description The issue is related to a remote code execution vulnerability. Although the admin editplayer.php file imposes restrictions on edited files, attackers can bypass these restrictions and write code. This allows authenticated attackers to exploit the vulnerability, execute arbitrary commands, and gain system privileges.

Recommendations For SeaCMS version 13.0, consider restricting access to the admin editplayer.php file until a patch is available. As a temporary workaround, limit the ability to edit files through this interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.