CVE-2024-29275

CRITICAL

SeaCMS <12.9 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php.

Exploits (1)

nomisec SCANNER 4 stars

by Cyphercoda · poc

https://github.com/Cyphercoda/nuclei_template

View Code ZIP pw:eip

References (1)

[Exploit, Vendor Advisory] https://github.com/seacms-net/CMS/issues/15

Scores

CVSS v3 9.8

EPSS 0.6798

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

seacms/seacms 12.9

Published Mar 22, 2024

Tracked Since Feb 18, 2026