CVE-2024-42598

MEDIUM Year: 2024
CVSS v3 Score
6.7
Medium
Weakness Type
CWE-94
View all →

Vulnerability Description

SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.

Related Vulnerabilities

CVE-2017-6186

MEDIUM
CVSS:6.7(Medium)

Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-prot...

CWE-942017

CVE-2018-3686

MEDIUM
CVSS:6.7(Medium)

Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access.

CWE-942018

CVE-2018-3700

MEDIUM
CVSS:6.7(Medium)

Code injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation...

CWE-942018

CVE-2020-8140

MEDIUM
CVSS:6.7(Medium)

A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment.

CWE-942020

CVE-2021-3411

MEDIUM
CVSS:6.7(Medium)

A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerabilit...

CWE-942021

CVE-2022-29813

MEDIUM
CVSS:6.7(Medium)

In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible

CWE-942022