CVE-2024-50808: Code Injection
First published: Fri Nov 08 2024(Updated: )
SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the "notify" variable in admin_notify.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tina Tinacms | ||
| Tina Tinacms | =13.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-50808?
CVE-2024-50808 is classified as a high severity vulnerability due to the potential for code injection.
How do I fix CVE-2024-50808?
To fix CVE-2024-50808, ensure proper validation and sanitization of the 'notify' variable in the admin_notify.php file.
What software versions are affected by CVE-2024-50808?
CVE-2024-50808 affects SeaCms version 13.1.
What type of vulnerability is CVE-2024-50808?
CVE-2024-50808 is a code injection vulnerability found in the notification module of SeaCms.
What aspect of the application does CVE-2024-50808 impact?
CVE-2024-50808 impacts the backend user module related to member message notifications.
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/event
- collector/nvd-api
- source/NVD
- vendor/seacms
- canonical/tina tinacms
- version/tina tinacms/13.1