A vulnerability was found in SeaCMS 12.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /js/player/dmplayer/dmku/?ac=edit. The manipulation of the argument cid with the input (select(0)from(select(sleep(10)))v) leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270007.
References
| Link | Resource |
|---|---|
| https://fushuling.com/index.php/2024/06/24/test4/ | Broken Link |
| https://vuldb.com/?ctiid.270007 | Permissions Required VDB Entry |
| https://vuldb.com/?id.270007 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.363407 | Third Party Advisory VDB Entry Exploit |
| https://fushuling.com/index.php/2024/06/24/test4/ | Broken Link |
| https://vuldb.com/?ctiid.270007 | Permissions Required VDB Entry |
| https://vuldb.com/?id.270007 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.363407 | Third Party Advisory VDB Entry Exploit |
Configurations
History
05 Apr 2025, 00:02
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://fushuling.com/index.php/2024/06/24/test4/ - Broken Link | |
| References | () https://vuldb.com/?ctiid.270007 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.270007 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.363407 - Third Party Advisory, VDB Entry, Exploit | |
| First Time |
Seacms
Seacms seacms |
|
| CPE | cpe:2.3:a:seacms:seacms:12.9:*:*:*:*:*:*:* |
Information
Published : 2024-06-30 22:15
Updated : 2025-04-05 00:02
NVD link : CVE-2024-6416
Mitre link : CVE-2024-6416
CVE.ORG link : CVE-2024-6416
JSON object : View
Products Affected
seacms
- seacms
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')