CVE-2024-40519
First published: Fri Jul 12 2024(Updated: )
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| =12.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-40519?
CVE-2024-40519 is considered a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2024-40519?
To fix CVE-2024-40519, update SeaCMS to the latest version that addresses this vulnerability.
Who is affected by CVE-2024-40519?
Authenticated users of SeaCMS version 12.9 are affected by CVE-2024-40519.
What type of vulnerability is CVE-2024-40519?
CVE-2024-40519 is categorized as a remote code execution vulnerability.
Can CVE-2024-40519 be exploited remotely?
Yes, CVE-2024-40519 can be exploited remotely by authenticated attackers.
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/severity
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/seacms
- canonical/tina tinacms
- version/tina tinacms/12.9