PT-2025-3083 · Seacms · Seacms

小冷爱学习!

·

Published

2025-01-06

·

Updated

2025-01-07

·

CVE-2024-54880

CVSS v3.1

9.1

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions SeaCMS version 13.1
Description The issue is related to Incorrect Access Control, where a logic flaw can be exploited by an attacker to allow any user to register accounts in bulk. This flaw enables attackers to create multiple accounts at once.
Recommendations For SeaCMS version 13.1, as a temporary workaround, consider restricting the account registration process to prevent bulk registrations until a patch is available.

Exploit

Fix

Improper Preservation of Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-281

Related Identifiers

CVE-2024-54880

Affected Products

Seacms