CVE-2023-43216

9.8 CRITICAL

📋 TL;DR

SeaCMS V12.9 contains an arbitrary file write vulnerability in admin_ip.php that allows attackers to write malicious files to the server. This affects all SeaCMS V12.9 installations with the vulnerable component accessible. Attackers can potentially achieve remote code execution or compromise the entire system.

💻 Affected Systems

Products:
  • SeaCMS
Versions: V12.9
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires access to admin_ip.php component, typically through admin panel access.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through remote code execution, data theft, defacement, or ransomware deployment.

🟠 Likely Case

Webshell upload leading to persistent backdoor access, data exfiltration, or lateral movement within the network.

🟢 If Mitigated

Limited impact if proper file permissions, web application firewalls, and network segmentation are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin access or authentication bypass to reach vulnerable component.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V12.9+ or later patched version

Vendor Advisory: Not provided in references

Restart Required: No

Instructions:

1. Update to latest SeaCMS version.
2. If update unavailable, manually patch admin_ip.php with input validation and file path restrictions.
3. Remove or restrict access to vulnerable component.

🔧 Temporary Workarounds

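Restrict admin panel access (all platforms)

Limit access to admin_ip.php and the admin panel to trusted IPs only

# In .htaccess or web server config (Apache 2.2 syntax; Apache 2.4 needs mod_access_compat)
Order deny,allow
Deny from all
Allow from 192.168.1.0/24
# Apache 2.4 native equivalent: Require ip 192.168.1.0/24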

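File permission hardening (Linux)

Set strict file permissions on web directories to prevent arbitrary writes

# Owner root, group www-data: the web server user can read these paths but not write to them.
# Files owned by www-data with mode 644 would still be writable by the web server itself.
chown root:www-data /var/www/seacms/ /var/www/seacms/*.php
chmod 755 /var/www/seacms/
chmod 644 /var/www/seacms/*.php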

🧯 If You Can't Patch

  • Implement web application firewall (WAF) with file upload and path traversal rules
  • Disable or remove admin_ip.php component entirely

🔍 How to Verify

Check if Vulnerable:

Check if SeaCMS version is V12.9 and admin_ip.php exists in admin directory

Check Version:

Check SeaCMS configuration files or admin panel for version information

Verify Fix Applied:

Verify that the SeaCMS version is updated beyond V12.9 and confirm that file write functionality is restricted

📡 Detection & Monitoring

Log Indicators:

  • Unusual file writes in web directories
  • Multiple failed/successful admin login attempts
  • Access to admin_ip.php with POST parameters

Network Indicators:

  • HTTP POST requests to admin_ip.php with file path parameters
  • Unexpected file uploads to web server

SIEM Query:

source="web_server" AND (uri="*/admin_ip.php" OR (method="POST" AND uri="*/admin/*"))
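
The log indicator "Access to admin_ip.php with POST parameters" can also be checked directly against web server access logs. The script below is an added example, not part of the original advisory or of SeaCMS: it assumes combined-format access logs, reuses the 192.168.1.0/24 range from the workaround above as the trusted admin network, and runs over constructed sample lines (the /admin/ path and all addresses are assumptions).

```python
import ipaddress
import re

# Trusted admin range taken from the workaround example on this page.
TRUSTED_NET = ipaddress.ip_network("192.168.1.0/24")

# Common/combined log prefix: ip ident user [time] "METHOD uri PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (not real traffic); paths and addresses are assumptions.
SAMPLE_LOG = """\
192.168.1.10 - - [12/Oct/2023:09:14:02 +0000] "GET /admin/admin_ip.php HTTP/1.1" 200 5120
192.168.1.10 - - [12/Oct/2023:09:14:40 +0000] "POST /admin/admin_ip.php HTTP/1.1" 200 812
203.0.113.45 - - [12/Oct/2023:11:02:17 +0000] "POST /admin/admin_ip.php?x=1 HTTP/1.1" 200 790
203.0.113.45 - - [12/Oct/2023:11:02:19 +0000] "POST /admin/login.php HTTP/1.1" 302 0
198.51.100.7 - - [12/Oct/2023:11:30:00 +0000] "POST /admin/admin_ip.php HTTP/1.1" 403 199
not a log line
"""

def find_admin_ip_posts(log_text):
    """Return POST requests to admin_ip.php, tagged by source and outcome."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["uri"].split("?", 1)[0].lower()  # ignore the query string
        if not path.endswith("/admin_ip.php"):
            continue
        try:
            trusted = ipaddress.ip_address(m["ip"]) in TRUSTED_NET
        except ValueError:  # hostname logged instead of an IP address
            trusted = False
        status = int(m["status"])
        if not trusted and status < 400:
            severity = "high"    # request accepted from outside the allowlist
        elif not trusted:
            severity = "medium"  # rejected, but the endpoint is being probed
        else:
            severity = "review"  # expected source; match against planned changes
        findings.append({"time": m["time"], "ip": m["ip"], "status": status, "severity": severity})
    return findings

if __name__ == "__main__":
    for f in find_admin_ip_posts(SAMPLE_LOG):
        print(f"{f['severity']:<6} {f['ip']:<15} {f['status']} {f['time']}")
```

Any "high" result shows the IP restriction is missing or bypassed and should be followed by a check for new or modified files in the web root around the logged time.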
