CVE-2023-44169

9.8 CRITICAL

📋 TL;DR

SeaCMS V12.9 contains an arbitrary file write vulnerability in admin_notify.php that allows attackers to write malicious files to the server. This affects all SeaCMS V12.9 installations with the admin panel accessible. Attackers can potentially achieve remote code execution by writing web shells or other malicious files.

💻 Affected Systems

Products:
  • SeaCMS
Versions: V12.9
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires access to admin panel, but vulnerability exists in default installation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via remote code execution, allowing attackers to execute arbitrary commands, steal data, install malware, or pivot to other systems.

🟠 Likely Case

Web shell deployment leading to data theft, defacement, or use as a foothold for further attacks.

🟢 If Mitigated

Limited impact if file write is restricted to non-executable locations or proper file permissions prevent execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin access, but if credentials are compromised or weak, exploitation is straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V12.9+ (specific patch version not specified in references)

Vendor Advisory: Not provided in references

Restart Required: No

Instructions:

1. Update to the latest SeaCMS version.
2. If an update is not available, manually patch admin_notify.php to validate and sanitize file write operations.
3. Apply vendor-provided security patches.

🔧 Temporary Workarounds

Restrict admin panel access

all

Limit access to admin panel to trusted IP addresses only

# Configure web server (e.g., Apache .htaccess or Nginx config) to restrict /admin/ path

File permission hardening

linux

Set strict file permissions on web directories to prevent arbitrary writes

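# Directory 755 and PHP files 644: only the owner may write
chmod 755 /var/www/seacms/
chmod 644 /var/www/seacms/*.php
# Owner is root, not www-data: with www-data as owner, mode 755 would still let the web server create files here
chown root:www-data /var/www/seacms/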

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block suspicious file write attempts
  • Monitor file system changes in web directories and alert on unauthorized writes

🔍 How to Verify

Check if Vulnerable:

Check if SeaCMS version is V12.9 and review admin_notify.php for insufficient file write validation

Check Version:

Check SeaCMS version in admin panel or look for version.php file

Verify Fix Applied:

Test if arbitrary file write via admin_notify.php is no longer possible after patching

📡 Detection & Monitoring

Log Indicators:

  • Unusual file writes in web directories
  • Multiple failed/successful admin login attempts
  • POST requests to admin_notify.php with file parameters

Network Indicators:

  • HTTP requests to admin_notify.php with file upload parameters
  • Unusual outbound connections from web server

SIEM Query:

source="web_server" AND (uri="/admin_notify.php" OR file_write_event)
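The log indicator "POST requests to admin_notify.php" can be checked directly against web server access logs. The following is an added example, not code from the original page or from SeaCMS: a Python filter over Combined Log Format lines that flags such POSTs and raises severity when the client is outside a trusted admin network. The network 10.0.5.0/24, the /admin/ path and the sample log lines are constructed assumptions.

```python
import ipaddress
import re

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumption: admin traffic is only expected from this management network.
TRUSTED_NETS = [ipaddress.ip_network("10.0.5.0/24")]


def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # hostname or garbage in the client field
        return False
    return any(addr in net for net in TRUSTED_NETS)


def find_notify_posts(lines):
    """Return one alert per POST whose script name is admin_notify.php."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Compare the script name only: the admin directory name can differ
        # per install, and the query string does not affect the match.
        script = m["path"].split("?", 1)[0].rsplit("/", 1)[-1].lower()
        if script != "admin_notify.php":
            continue
        alerts.append({"ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
                       "severity": "review" if is_trusted(m["ip"]) else "high"})
    return alerts


# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = [
    '10.0.5.17 - - [12/Oct/2023:09:14:02 +0000] "GET /admin/admin_notify.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.5.17 - - [12/Oct/2023:09:14:40 +0000] "POST /admin/admin_notify.php HTTP/1.1" 200 310 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [12/Oct/2023:23:51:09 +0000] "POST /admin/admin_notify.php?r=1 HTTP/1.1" 200 298 "-" "curl/8.1"',
    '203.0.113.45 - - [12/Oct/2023:23:51:30 +0000] "GET /index.php HTTP/1.1" 200 20480 "-" "curl/8.1"',
]

if __name__ == "__main__":
    for alert in find_notify_posts(SAMPLE_LOG):
        print(alert)
```

Alerts marked "review" still deserve a look, since the page notes that compromised or weak admin credentials make exploitation straightforward; correlate each alert with file changes in the web directories around the same timestamp.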
