CVE-2023-43278

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in Seacms allows attackers to create unauthorized admin accounts by tricking an authenticated administrator into visiting a malicious web page. It affects Seacms installations up to and including version 12.8. Attackers can gain administrative access to the CMS without ever holding valid credentials themselves.

💻 Affected Systems

Products:
  • Seacms
Versions: Up to and including v12.8
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All Seacms installations with admin_manager.php accessible and lacking CSRF protections are vulnerable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the Seacms installation with attackers creating persistent admin accounts, leading to data theft, defacement, malware injection, or use as an attack platform.

🟠

Likely Case

Attackers create hidden admin accounts to maintain persistent access, potentially leading to data exfiltration, content manipulation, or further exploitation of the system.

🟢

If Mitigated

With proper CSRF protections and admin awareness, exploitation attempts fail, maintaining system integrity and preventing unauthorized access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking an authenticated admin into clicking a malicious link or visiting a compromised page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v12.9 or later

Vendor Advisory: http://seacms.com

Restart Required: No

Instructions:

1. Download the latest Seacms version from the official website.
2. Back up your current installation.
3. Replace admin_manager.php with the patched version.
4. Verify that CSRF tokens are properly implemented.

🔧 Temporary Workarounds

Add CSRF Protection to admin_manager.php
  Applies to: all
  Manually implement CSRF token validation in the vulnerable file: edit admin_manager.php to include CSRF token generation and validation.

Restrict Access to Admin Interface
  Applies to: all
  Limit admin panel access to specific IP addresses or networks by adding IP-based restrictions in .htaccess or the web server configuration.
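The first workaround asks for token generation and validation in admin_manager.php without showing what that looks like. The following is an added illustration, not Seacms code and not the vendor's patch: a self-contained PHP page that protects a hypothetical "add_admin" action with a per-session CSRF token, a constant-time comparison, a SameSite session cookie, and an Origin/Referer check as defence in depth. The form field names (`action`, `username`, `password`) and the `add_admin` action value are assumptions chosen for the example.

```php
<?php
// Added example of CSRF protection for a sensitive admin form.
// Illustrative only: not Seacms's admin_manager.php. Assumes PHP >= 7.3
// (random_bytes, hash_equals, array form of session_set_cookie_params)
// and that the form posts back to this same script with action=add_admin.
declare(strict_types=1);

// Harden the session cookie first: SameSite=Lax stops the browser from attaching
// the admin session to a cross-site POST, which is the root of the CSRF issue.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,   // assumes the admin panel is served over HTTPS
    'samesite' => 'Lax',
]);
session_start();

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256 bits, CSPRNG
    }
    return $_SESSION['csrf_token'];
}

/** Hidden input to embed in every state-changing form. */
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

/**
 * Validate a submitted token. hash_equals() compares in constant time, so the
 * comparison itself does not leak the stored token byte by byte.
 */
function csrf_valid(?string $submitted): bool
{
    if ($submitted === null || $submitted === '' || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

/**
 * Defence in depth: accept the request only if Origin (or, failing that, Referer)
 * names this host. Browsers send Origin on cross-site POSTs; if neither header is
 * present we fail closed rather than guess.
 */
function same_origin_request(): bool
{
    $host = explode(':', $_SERVER['HTTP_HOST'] ?? '')[0]; // drop any :port
    foreach (['HTTP_ORIGIN', 'HTTP_REFERER'] as $hdr) {
        if (!empty($_SERVER[$hdr])) {
            return parse_url($_SERVER[$hdr], PHP_URL_HOST) === $host;
        }
    }
    return false;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['action'] ?? '') === 'add_admin') {
    if (!csrf_valid($_POST['csrf_token'] ?? null) || !same_origin_request()) {
        http_response_code(403);
        // Log the rejection: these entries are the "failed admin creation" indicator
        // worth alerting on.
        error_log('CSRF check failed for add_admin from ' . ($_SERVER['REMOTE_ADDR'] ?? '?'));
        exit('Request rejected: invalid or missing CSRF token.');
    }
    // ... the existing admin-creation logic runs only after both checks pass ...

    // Rotate the token after a sensitive action so a captured value cannot be replayed.
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
?>
<form method="post" action="admin_manager.php">
  <?= csrf_field() ?>
  <input type="hidden" name="action" value="add_admin">
  <input name="username" placeholder="new admin username">
  <input name="password" type="password" placeholder="password">
  <button type="submit">Create admin</button>
</form>
```

The token lives in the server-side session and is emitted into the form, so a page on another origin cannot read it and cannot forge a valid POST even though the victim's browser would still send the session cookie. The Origin/Referer check is a second, independent control: it catches the case where the token check is accidentally bypassed, at the cost of rejecting clients that strip both headers. Deploy `SameSite=Lax` together with the token, not instead of it, since older browsers ignore the attribute.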

🧯 If You Can't Patch

  • Implement strict SameSite cookie policies and require re-authentication for sensitive actions
  • Monitor admin account creation logs and set up alerts for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check if your Seacms version is 12.8 or earlier and examine admin_manager.php for CSRF token validation

Check Version:

Check Seacms version in admin panel or look for version information in source files

Verify Fix Applied:

Test admin account creation functionality with and without valid CSRF tokens to ensure protection

📡 Detection & Monitoring

Log Indicators:

  • Unexpected admin account creation events
  • Multiple failed admin creation attempts from unusual IPs

Network Indicators:

  • HTTP POST requests to admin_manager.php without a valid Referer header or CSRF token

SIEM Query:

source="web_logs" AND uri="/admin_manager.php" AND method="POST" AND NOT csrf_token=*
