CVE-2024-40522
CVE-2024-40522
Título es
CVE-2024-40522
Vie, 12/07/2024 – 16:15
Tipo
NVD-CWE-noinfo
Gravedad 2.0 Txt
Pendiente de análisis
CPE
cpe:2.3:a:seacms:seacms:12.9:*:*:*:*:*:*:*————
Título en
CVE-2024-40522
Descripción en
There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions.
12/07/2024
12/07/2024
Fabricante
seacms
Producto
seacms
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Gravedad 3.1 (CVSS 3.1 Base Score)
8.80
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH
Referencias
Enviar en el boletín
Off
