PT-2024-32088 · Seacms · Seacms
Published: 2024-09-20 · Updated: 2024-09-26
CVE-2024-46640
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SeaCMS version 13.2
Description
The issue is a remote code execution vulnerability located in the file sql.class.chp. Although the system has a check function, that function is not called at run time, so an attacker can achieve remote code execution by writing to the file through the MySQL slow query method.
Recommendations
For SeaCMS version 13.2, patch immediately to prevent unauthorized access. As a temporary workaround, consider restricting access to the sql.class.chp file until a patch is available.
Exploit
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Seacms