CVE-2024-50808

CVSS 8.8 HIGHEPSS 0.6%CWE-94

SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the "notify" variable in admin_notify.php.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://seacms.com https://github.com/v9d0g/CVEs/blob/main/CVE-2024-50808.md