CVE-2024-42598

SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://gitee.com/fushuling/cve/blob/master/CVE-2024-42598.md	Exploit Third Party Advisory
https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_editplayer.php%20code%20injection.md	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:seacms:seacms:13.0:*:*:*:*:*:*:*

History

28 Mar 2025, 16:53

Type	Values Removed	Values Added
First Time		Seacms Seacms seacms
CPE		cpe:2.3:a:seacms:seacms:13.0:::::::*
References	~~() https://gitee.com/fushuling/cve/blob/master/CVE-2024-42598.md -~~	() https://gitee.com/fushuling/cve/blob/master/CVE-2024-42598.md - Exploit, Third Party Advisory
References	~~() https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_editplayer.php%20code%20injection.md -~~	() https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_editplayer.php%20code%20injection.md - Exploit, Third Party Advisory

Information

Published : 2024-08-20 16:15

Updated : 2025-03-28 16:53

NVD link : CVE-2024-42598

Mitre link : CVE-2024-42598

CVE.ORG link : CVE-2024-42598

JSON object : View

Products Affected

seacms

seacms

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

6.7 /10