CVE-2024-29275

CVSS 9.8 CRITICALEPSS 5.0%CWE-89

Vexday Risk Score

48Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 9.8EPSS 5.0%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

22 Mar 2024Published on NVD

20 Jun 2024Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 1

githubgithub.com/Cyphercoda/nuclei_template★ 4

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/seacms-net/CMS/issues/15