CVE-2024-50808

{"id": "CVE-2024-50808", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-11-08T21:15:20.740", "references": [{"url": "http://seacms.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/v9d0g/CVEs/blob/main/CVE-2024-50808.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the \"notify\" variable in admin_notify.php."}, {"lang": "es", "value": "SeaCms 13.1 es vulnerable a la inyecci\u00f3n de c\u00f3digo en el m\u00f3dulo de notificaci\u00f3n del m\u00f3dulo de notificaci\u00f3n de mensajes de miembros en el m\u00f3dulo de usuario backend, debido al manejo inseguro de la variable \"notificar\" en admin_notify.php."}], "lastModified": "2025-03-28T17:12:22.013", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:seacms:seacms:13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FD99F78-3066-4826-96DA-6F8466EDB1B7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}