CVE-2024-42598

MEDIUM

SeaCMS 13.0 - RCE

Title source: llm

Description

SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.

Exploits (1)

gitee WRITEUP 1 stars

by fushuling · poc

https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_editplayer.php%20code%20injection.md

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://gitee.com/fushuling/cve/blob/master/CVE-2024-42598.md

[Exploit, Third Party Advisory] https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_editplayer.php%20code%20injection.md

Scores

CVSS v3 6.7

EPSS 0.0014

EPSS Percentile 34.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Details

CWE

CWE-94

Status published

Products (1)

seacms/seacms 13.0

Published Aug 20, 2024

Tracked Since Feb 18, 2026