CVE-2024-50808

Name of the Vulnerable Software and Affected Versions: SeaCms version 13.1

Description: The issue is related to a code injection vulnerability in the notification module of the member message notification module in the backend user module. This vulnerability occurs due to the unsafe handling of the notify variable in admin notify.php. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations: For SeaCms version 13.1, as a temporary workaround, consider disabling the notify variable in the admin notify.php file until a patch is available. Restrict access to the notification module in the backend user module to minimize the risk of exploitation. Avoid using the notify parameter in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.