CVE-2024-42599: Code Injection
First published: Thu Aug 22 2024(Updated: )
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tina Tinacms | ||
| Tina Tinacms | =13.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-42599?
CVE-2024-42599 is classified as a critical vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2024-42599?
To fix CVE-2024-42599, it is recommended to update SeaCMS to the latest version that addresses this vulnerability.
What type of attacks can CVE-2024-42599 facilitate?
CVE-2024-42599 can facilitate remote code execution attacks by allowing authenticated attackers to inject and execute arbitrary code.
Who is affected by CVE-2024-42599?
All users and installations of SeaCMS version 13.0 are affected by CVE-2024-42599.
What are the risks associated with CVE-2024-42599?
The risks associated with CVE-2024-42599 include unauthorized access, modification of files, and complete system compromise.
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/seacms
- canonical/tina tinacms
- version/tina tinacms/13.0