CVE-2024-40521: Code Injection
First published: Fri Jul 12 2024(Updated: )
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| =12.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-40521?
CVE-2024-40521 has been classified as a critical remote code execution vulnerability.
How do I fix CVE-2024-40521?
To fix CVE-2024-40521, update SeaCMS to the latest version where the vulnerability has been patched.
Who is affected by CVE-2024-40521?
CVE-2024-40521 affects users of SeaCMS version 12.9.
Can CVE-2024-40521 be exploited remotely?
Yes, CVE-2024-40521 can be exploited remotely by authenticated attackers.
What access is required to exploit CVE-2024-40521?
An attacker must be authenticated to exploit CVE-2024-40521.
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/source
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/seacms