CVE-2024-40521

HIGH Year: 2024
CVSS v3 Score
7.2
High
Weakness Type
CWE-94
View all →

Vulnerability Description

SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.

Related Vulnerabilities

CVE-2013-2267

HIGH
CVSS:7.2(High)

PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system.

CWE-942013

CVE-2015-0249

HIGH
CVSS:7.2(High)

The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka ...

CWE-942015

CVE-2015-3173

HIGH
CVSS:7.2(High)

custom-content-type-manager Wordpress plugin can be used by an administrator to achieve arbitrary PHP remote code execution.

CWE-942015

CVE-2015-9227

HIGH
CVSS:7.2(High)

PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in...

CWE-942015

CVE-2017-15935

HIGH
CVSS:7.2(High)

Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file.

CWE-942017

CVE-2017-16682

HIGH
CVSS:7.2(High)

SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed...

CWE-942017