CVE-2024-42599

HIGH

SeaCMS 13.0 - RCE

Title source: llm

Description

SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.

Exploits (1)

gitee WRITEUP 1 stars

by fushuling · poc

https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_files.php%20code%20injection.md

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://gitee.com/fushuling/cve/blob/master/CVE-2024-42599.md

[Exploit, Third Party Advisory] https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_files.php%20code%20injection.md

Scores

CVSS v3 8.8

EPSS 0.0040

EPSS Percentile 60.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-94

Status published

Products (1)

seacms/seacms 13.0

Published Aug 22, 2024

Tracked Since Feb 18, 2026