PT-2024-31303 · Seacms · Seacms
Nn0Nkey · Published 2024-08-30 · Updated 2024-09-03
CVE-2024-44916
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Seacms version 13.1
Description
A vulnerability in the admin ip.php file in Seacms version 13.1 allows attackers to control the IP parameters that are written to the data/admin/ip.php file when the action is set, potentially resulting in arbitrary command execution.
Recommendations
For Seacms version 13.1, consider disabling the admin ip.php file or restricting access to it until a patch is available, to prevent attackers from controlling IP parameters and potentially executing arbitrary commands.
Exploit
Fix
Command Injection
Affected Products
Seacms