CVE-2023-44171

9.8 CRITICAL

📋 TL;DR

SeaCMS V12.9 contains an arbitrary file write vulnerability in admin_smtp.php that allows attackers to write malicious files to the server. This affects all SeaCMS V12.9 installations with the vulnerable component accessible. Attackers can potentially achieve remote code execution or system compromise.

💻 Affected Systems

Products:
  • SeaCMS
Versions: V12.9
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires access to admin_smtp.php component, typically through admin panel


⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via remote code execution leading to data theft, ransomware deployment, or complete server takeover

🟠 Likely Case

Webshell deployment allowing persistent backdoor access, data exfiltration, and lateral movement within the network

🟢 If Mitigated

Limited impact if proper file permissions and access controls prevent execution of written files

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin access or authentication bypass to reach vulnerable component

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check for official SeaCMS updates
2. If a patch is available, back up the current installation
3. Apply the patch following vendor instructions
4. Verify admin_smtp.php is no longer vulnerable

🔧 Temporary Workarounds

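Restrict admin_smtp.php access (Linux)

Block or restrict access to the vulnerable admin_smtp.php file. Run from the directory that contains it:

  # Remove all permission bits from the script
  chmod 000 admin_smtp.php
  # Rename it so requests for admin_smtp.php no longer resolve
  mv admin_smtp.php admin_smtp.php.disabled

Implement WAF rules (all platforms)

Add web application firewall rules to block suspicious file write attempts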

🧯 If You Can't Patch

  • Isolate SeaCMS instance from critical systems and databases
  • Implement strict file system permissions and disable PHP execution in upload directories

🔍 How to Verify

Check if Vulnerable:

Check if SeaCMS version is V12.9 and admin_smtp.php exists in admin directory

Check Version:

Check SeaCMS configuration files or admin panel for version information

Verify Fix Applied:

Test if arbitrary file write through admin_smtp.php is no longer possible

📡 Detection & Monitoring

Log Indicators:

  • Unusual file write operations in web server logs
  • Multiple POST requests to admin_smtp.php
  • Suspicious file creations in web directories

Network Indicators:

  • HTTP requests to admin_smtp.php with file write parameters
  • Unusual outbound connections from web server

SIEM Query:

source="web_server" AND (uri="*/admin_smtp.php" OR file_write_operation="suspicious")
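
Added example (not part of the original advisory): one way to apply the "Multiple POST requests to admin_smtp.php" indicator to a web server access log. It assumes the common/combined log format; the sample lines, the /admin/ path and the threshold of 2 are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Common/combined access-log format (assumed; adjust for custom log formats).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)
TARGET = "admin_smtp.php"

# Constructed sample lines (documentation IP ranges, hypothetical /admin/ path).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /admin/admin_smtp.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:55:41 +0000] "POST /admin/admin_smtp.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:55:49 +0000] "POST /admin/admin%5Fsmtp.php?x=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Oct/2023:14:02:11 +0000] "POST /admin/login.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Oct/2023:14:02:30 +0000] "POST /admin/admin_smtp.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
]


def is_smtp_script(uri):
    """True if any path segment is admin_smtp.php (query string ignored,
    percent-encoding decoded, case-insensitive, trailing PATH_INFO allowed)."""
    path = unquote(uri.split("?", 1)[0])
    return TARGET in (seg.lower() for seg in path.split("/"))


def find_smtp_posts(lines, threshold=2):
    """Return {client_ip: [(timestamp, uri, status), ...]} for clients that
    sent at least `threshold` POST requests to admin_smtp.php."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["method"] == "POST" and is_smtp_script(m["uri"]):
            hits[m["ip"]].append((m["ts"], m["uri"], int(m["status"])))
    return {ip: reqs for ip, reqs in hits.items() if len(reqs) >= threshold}


if __name__ == "__main__":
    for ip, reqs in find_smtp_posts(SAMPLE_LOG).items():
        print(f"{ip}: {len(reqs)} POSTs to {TARGET}")
        for ts, uri, status in reqs:
            print(f"  [{ts}] {uri} -> {status}")
```

Correlate any flagged client with file creation times in the web directories, since a POST alone does not show that a file was written.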
