Home > Vulnerability Database > CVE-2024-42598

Mend.io Vulnerability Database

CVE-2024-42598

Date: August 19, 2024

SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.

Language: PHP

Severity Score

6.7

Related Resources (4)

Url: https://gitee.com/fushuling/cve/blob/master/CVE-2024-42598.md

Url: https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_editplayer.php%20code%20injection.md

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-42598

Url: https://www.mend.io/vulnerability-database/CVE-2024-42598

Severity Score

6.7

Weakness Type (CWE)

Code Injection

CWE-94

CVSS v3.1

Base Score:	6.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-42598

Date: August 19, 2024

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?