
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

SeaCMS 12.9 has a remote code execution vulnerability. Although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code, allowing authenticated attackers to execute arbitrary commands and gain system privileges.
• https://gitee.com/fushuling/cve/blob/master/%20SeaCMS%2012.9%20admin_template.php%20%20code%20injection.md

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some of the variable names passed to it into the PHP file without filtering them first. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions.
• https://gitee.com/fushuling/cve/blob/master/%20SeaCMS%2012.9%20phomebak.php%20code%20injection.md
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php concatenating user input directly into weixin.php and writing it without any processing, which allows authenticated attackers to execute arbitrary commands and obtain system permissions.
• https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_weixin.php%20code%20injection.md
• CWE-20: Improper Input Validation

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php concatenating user input directly into weixin.php and writing it without any processing, which allows authenticated attackers to execute arbitrary commands and obtain system permissions.
• https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_smtp.php%20code%20injection.md

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php concatenating user input directly into inc_photowatermark_config.php and writing it without any processing, which allows authenticated attackers to execute arbitrary commands and obtain system permissions.
• https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_config_mark.php%20code%20injection.md
• CWE-20: Improper Input Validation