Home > Vulnerability Database > CVE-2024-40520

Mend.io Vulnerability Database

CVE-2024-40520

Date: July 11, 2024

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.

Language: PHP

Severity Score

8.8

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-40520

Url: https://gitee.com/fushuling/cve/blob/master/SeaCMS%2012.9%20admin_config_mark.php%20code%20injection.md

Url: https://www.mend.io/vulnerability-database/CVE-2024-40520

Severity Score

8.8

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-40520

Date: July 11, 2024

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?