PT-2024-38123 · Seacms

Author: Jiashenghe · Published 2024-07-28 · Updated 2024-09-19

CVE-2024-7161

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: SeaCMS version 13.0

Description: A cross-site request forgery (CSRF) vulnerability was found in the Password Change Handler component, specifically in the /member.php?action=chgpwdsubmit file. Manipulation of the newpwd and newpwd2 arguments leads to cross-site request forgery: the handler accepts a password change without proof that the request was submitted from the application's own form. This issue can be exploited remotely.

Recommendations: For SeaCMS version 13.0, consider disabling the password change functionality in the /member.php?action=chgpwdsubmit file until a patch is available. Restrict access to this file to minimize the risk of exploitation. Avoid using the newpwd and newpwd2 arguments in the affected API endpoint until the issue is resolved.
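As an added example (not SeaCMS's own code; the helper names, the in-memory user store and the oldpwd field are assumptions), this is what a password-change handler looks like once it is hardened with a session-bound CSRF token and current-password re-authentication, the class of fix the workaround above stands in for until a patch is available:

```php
<?php
// Added example, not SeaCMS code: a password-change handler hardened with the
// synchronizer-token pattern. Helper names and the user store are hypothetical.
session_start();
// Constructed stand-in for the member table: one user with a hashed password.
$users = ['alice' => password_hash('old-secret', PASSWORD_DEFAULT)];

function csrf_token(): string {
    // One unguessable secret per session, embedded in every state-changing form.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_valid($submitted): bool {
    // A forged cross-site POST cannot read the session token, so it fails here.
    // hash_equals() avoids leaking the token through timing differences.
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

function chgpwd_form(): string {
    $t = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="/member.php?action=chgpwdsubmit">'
         . '<input type="hidden" name="csrf_token" value="' . $t . '">'
         . '<input type="password" name="oldpwd">'
         . '<input type="password" name="newpwd">'
         . '<input type="password" name="newpwd2">'
         . '<button type="submit">Change password</button></form>';
}

function chgpwdsubmit(array &$users, string $user, array $post): string {
    if (!csrf_valid($post['csrf_token'] ?? null)) {
        http_response_code(403);
        return 'rejected: missing or invalid CSRF token';
    }
    [$old, $new, $new2] = [$post['oldpwd'] ?? '', $post['newpwd'] ?? '', $post['newpwd2'] ?? ''];
    // Re-authenticate: a request carrying only newpwd/newpwd2 must not succeed.
    if (!password_verify($old, $users[$user] ?? '')) {
        return 'rejected: current password incorrect';
    }
    if ($new === '' || $new !== $new2) {
        return 'rejected: new passwords empty or do not match';
    }
    $users[$user] = password_hash($new, PASSWORD_DEFAULT);
    session_regenerate_id(true); // rotate the session id after a credential change
    return 'password changed';
}
```

chgpwd_form() is rendered into the member page and chgpwdsubmit() takes the place of an unchecked handler behind /member.php?action=chgpwdsubmit; any request that lacks the session's token is refused before the password fields are read.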

Weakness Enumeration: CSRF

Related Identifiers: CVE-2024-7161

Affected Products: Seacms