CVE-2023-46987

8.8 HIGH

📋 TL;DR

SeaCMS v12.9 contains a remote code execution vulnerability in the /augap/adminip.php component that allows attackers to execute arbitrary code on affected servers. This affects all SeaCMS v12.9 installations with the vulnerable component accessible. Attackers can potentially take full control of the server.

💻 Affected Systems

Products:
  • SeaCMS
Versions: v12.9
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the /augap/adminip.php component to be accessible, which appears to be part of default installation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise allowing data theft, malware deployment, lateral movement, and persistent backdoor installation.

🟠 Likely Case

Website defacement, data exfiltration, cryptocurrency mining, or ransomware deployment.

🟢 If Mitigated

Limited impact if proper network segmentation, WAF rules, and least privilege access are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public technical analysis available with exploitation details. Simple HTTP requests can trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://seacms.com

Restart Required: No

Instructions:

1. Check the vendor website for updates.
2. If a patch is available, download and apply it.
3. Verify the fix by testing the vulnerable endpoint.

🔧 Temporary Workarounds

Block vulnerable endpoint (all platforms)

Restrict access to /augap/adminip.php via web server configuration or firewall rules.

Apache (server or virtual-host context; mod_rewrite must be enabled, and in a .htaccess file the matched path has no leading slash):

RewriteEngine On
RewriteRule ^/augap/adminip\.php$ - [F,L]

Nginx (place this before any generic "location ~ \.php$" block so it matches first):

location ~ /augap/adminip\.php$ { deny all; }

Remove vulnerable file (linux)

Delete or rename the vulnerable adminip.php file if it is not needed.

rm /path/to/seacms/augap/adminip.php

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate SeaCMS from critical systems
  • Deploy web application firewall with RCE detection rules

🔍 How to Verify

Check if Vulnerable:

Check if /augap/adminip.php exists and is accessible via HTTP requests. Test with controlled payload if authorized.

Check Version:

Check SeaCMS version in admin panel or configuration files.

Verify Fix Applied:

Attempt to access /augap/adminip.php and verify it returns 403/404 or is blocked. Test with known exploit payloads in safe environment.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST/GET requests to /augap/adminip.php
  • System command execution in web logs
  • Unexpected process spawns from web server

Network Indicators:

  • HTTP requests with suspicious parameters to adminip.php
  • Outbound connections from web server to unknown IPs

SIEM Query:

source="web_logs" AND (uri="/augap/adminip.php" OR uri CONTAINS "adminip.php")
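The SIEM query above matches the literal URI, so percent-encoded or dot-padded variants of the path would slip past it. The following is an added example (not part of this advisory) of a log check that normalises the request path before matching and reports whether each hit was blocked (403/404) or reached the endpoint; the log lines are constructed samples.

```python
import re
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines in combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2023:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Nov/2023:12:00:02 +0000] "POST /augap/adminip.php HTTP/1.1" 200 312 "-" "python-requests/2.31"
203.0.113.7 - - [10/Nov/2023:12:00:03 +0000] "GET /augap/%61dminip.php?x=1 HTTP/1.1" 200 312 "-" "curl/8.0"
198.51.100.9 - - [10/Nov/2023:12:01:00 +0000] "GET /augap/adminip.php HTTP/1.1" 403 199 "-" "curl/8.0"
"""

# ip, ident, user, [timestamp], "METHOD target PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
VULN_PATH = "/augap/adminip.php"


def normalize_path(target):
    """Strip the query string, decode percent-encoding and collapse ./ and ../
    so encoded or padded spellings of the path still compare equal."""
    path = urlsplit(target).path
    return posixpath.normpath(unquote(path)).lower()


def scan_log(text):
    """Return one record per request whose normalised path is the vulnerable endpoint.
    'blocked' is True when the server answered 403/404, i.e. the workaround held."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or normalize_path(m["target"]) != VULN_PATH:
            continue
        status = int(m["status"])
        hits.append({
            "ip": m["ip"], "method": m["method"], "status": status,
            "blocked": status in (403, 404),
        })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        state = "blocked" if hit["blocked"] else "REACHED ENDPOINT"
        print(f'{hit["ip"]} {hit["method"]} -> {hit["status"]} ({state})')
```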
