PT-2024-31307 · Seacms · Seacms

Nn0Nkey · Published 2024-09-03 · Updated 2024-09-07 · CVE-2024-44921

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SeaCMS version 12.9

Description

A SQL injection vulnerability was discovered in SeaCMS via the id parameter at the "/dmplayer/dmku/index.php?ac=del" endpoint. This issue allows for potential SQL injection attacks.

Recommendations

For SeaCMS version 12.9, consider disabling the id parameter in the "/dmplayer/dmku/index.php?ac=del" endpoint as a temporary workaround until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the id parameter in this endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-44921

Affected Products

Seacms