CVE-2024-42598: Code Injection
First published: Tue Aug 20 2024(Updated: )
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tina Tinacms | ||
| Tina Tinacms | =13.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-42598?
CVE-2024-42598 is rated as a high severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2024-42598?
To fix CVE-2024-42598, update SeaCMS to the latest version where this vulnerability has been addressed.
What does CVE-2024-42598 affect?
CVE-2024-42598 affects SeaCMS version 13.0, specifically through the admin_editplayer.php file.
Who can exploit CVE-2024-42598?
CVE-2024-42598 can be exploited by authenticated attackers who can bypass the file restrictions in the system.
What is the impact of CVE-2024-42598?
The impact of CVE-2024-42598 includes the potential for attackers to execute arbitrary code on the server, compromising system integrity.
- agent/first-publish-date
- agent/description
- agent/type
- agent/author
- agent/severity
- agent/weakness
- agent/event
- agent/last-modified-date
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/seacms
- canonical/tina tinacms
- version/tina tinacms/13.0