CVE-2024-42599

SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitee.com/fushuling/cve/blob/master/CVE-2024-42599.md	Exploit Third Party Advisory
https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_files.php%20code%20injection.md	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:seacms:seacms:13.0:*:*:*:*:*:*:*

History

28 Mar 2025, 17:12

Type	Values Removed	Values Added
CPE		cpe:2.3:a:seacms:seacms:13.0:::::::*
First Time		Seacms Seacms seacms
References	~~() https://gitee.com/fushuling/cve/blob/master/CVE-2024-42599.md -~~	() https://gitee.com/fushuling/cve/blob/master/CVE-2024-42599.md - Exploit, Third Party Advisory
References	~~() https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_files.php%20code%20injection.md -~~	() https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_files.php%20code%20injection.md - Exploit, Third Party Advisory

Information

Published : 2024-08-22 20:15

Updated : 2025-03-28 17:12

NVD link : CVE-2024-42599

Mitre link : CVE-2024-42599

CVE.ORG link : CVE-2024-42599

JSON object : View

Products Affected

seacms

seacms

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

8.8 /10