Security Advisory

CVE-2024-40520

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-07-12 00:00:00

Last updated 2024-08-02 04:33:11

Assigner mitre

State PUBLISHED

Description

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.

← Browse all CVEs View on cve.org ↗