CVE-2024-46640 — CRITICAL (9.8)

Vulnerability Description

SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although the system has a check function, the check function is not executed during execution, allowing remote code execution by writing to the file through the MySQL slow query method.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Seacms	Seacms	13.2

Related Weaknesses (CWE)

CWE-94

References

https://gitee.com/zheng_botong/CVE-2024-46640ExploitThird Party Advisory

FAQ

What is CVE-2024-46640?

CVE-2024-46640 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although the system has a check function, the check function is not executed during execution, allowing remote ...

How severe is CVE-2024-46640?

CVE-2024-46640 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-46640?

Check the references section above for vendor advisories and patch information. Affected products include: Seacms Seacms.