CVE-2024-40519

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.

Related Vulnerabilities

CVE-2008-3431

HIGH
CVSS:8.8(High)

The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with th...

NVD-CWE-Other2008

CVE-2010-3730

HIGH
CVSS:8.8(High)

Google Chrome before 6.0.472.62 does not properly use information about the origin of a document to manage properties, which allows remote attackers to have an unspecified impact via a crafted web sit...

NVD-CWE-Other2010

CVE-2011-2668

HIGH
CVSS:8.8(High)

Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header

NVD-CWE-Other2011

CVE-2012-1856

HIGH
CVSS:8.8(High)

The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Ser...

NVD-CWE-Other2012

CVE-2012-3490

HIGH
CVSS:8.8(High)

The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x befor...

NVD-CWE-Other2012

CVE-2012-6307

HIGH
CVSS:8.8(High)

A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue in JPEG file handling, which could let a malicious user execute arbitrary code

NVD-CWE-Other2012