Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-40519

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.

Published

2024-07-12T16:15:04.903

Last Modified

2025-03-25T17:15:58.507

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	seacms	seacms	12.9	Yes

References

https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_smtp.php%20code%20injection.md Exploit ([email protected])
https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_smtp.php%20code%20injection.md Exploit (af854a3a-2127-422b-91ae-364da2661108)