CVE-2024-29275

CRITICAL

SeaCMS 12.9 - Unauthenticated SQL Injection via id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-29275. PoCs published by Cyphercoda.

AI-analyzed exploit summary: The repository contains Nuclei templates for detecting multiple vulnerabilities, including directory traversal, SQL injection, and LFI. The templates are designed to scan for these issues but do not include functional exploit code.

Description

A SQL injection vulnerability in SeaCMS version 12.9 allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php.

Exploits (1)

nomisec SCANNER 4 stars
by Cyphercoda · poc
https://github.com/Cyphercoda/nuclei_template

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Various (Apache OFBiz, dmplayer, etc.)
No auth needed
Prerequisites: Access to the target application
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.0500
EPSS Percentile 91.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-89
Status published
Products (1)
seacms/seacms 12.9
Published Mar 22, 2024
Tracked Since Feb 18, 2026