CVE-2024-30565
📋 TL;DR
SeaCMS version 12.9 contains a vulnerability in admin/notify.php that allows remote attackers to execute arbitrary code. This is a code injection vulnerability (CWE-94) that affects all SeaCMS 12.9 installations with the admin interface accessible. Attackers can compromise the entire web application and underlying server.
💻 Affected Systems
- SeaCMS
📦 What is this software?
SeaCMS by SeaCMS
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the web server, accessing databases, and potentially pivoting to other systems in the network.
Likely Case
Web application takeover, data theft, defacement, and installation of backdoors or malware on the server.
If Mitigated
Limited impact if proper network segmentation, WAF rules, and access controls prevent exploitation attempts.
🎯 Exploit Status
Exploitation requires access to the admin interface. Public proof-of-concept code is available in the referenced GitHub repository.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Unknown
Restart Required: No
Instructions:
1. Check for official SeaCMS updates or patches.
2. If no patch is available, apply the workarounds below.
3. Consider upgrading to a newer version if one is available.
🔧 Temporary Workarounds
Restrict admin access
Block external access to the admin interface using firewall rules or web server configuration (192.168.1.0/24 below stands for your administrative network):
# Apache:
<Location /admin>
    Require ip 192.168.1.0/24
</Location>
# Nginx:
location /admin {
    allow 192.168.1.0/24;
    deny all;
}
Remove vulnerable file
Temporarily remove or rename the vulnerable notify.php file (Linux):
mv admin/notify.php admin/notify.php.bak
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach the admin interface
- Deploy a web application firewall (WAF) with rules to detect and block code injection attempts
🔍 How to Verify
Check if Vulnerable:
Check if SeaCMS version is 12.9 and if admin/notify.php exists and is accessible
Check Version:
Check SeaCMS configuration files or admin panel for version information
Verify Fix Applied:
Verify admin/notify.php is no longer accessible or has been patched
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to admin/notify.php
- Suspicious PHP code execution in web logs
- Multiple failed access attempts to admin interface
Network Indicators:
- Unexpected outbound connections from web server
- Traffic patterns indicating code execution
SIEM Query:
source="web_logs" AND (uri="/admin/notify.php" OR uri="/admin/notify") AND (method="POST" OR status>=400)
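The log indicators above, applied as a small detector over constructed access-log lines. This is an added example, not code from the original page or from the SeaCMS project; the combined log format, the sample addresses and the threshold of three failed admin requests per client are assumptions.

```python
import re
from collections import Counter

# Apache/Nginx "combined" access-log format (assumed): client, timestamp,
# request line and status are all we need for the indicators on this page.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (not from any real incident) covering the page's
# indicators: POSTs to admin/notify.php and repeated 4xx against /admin/.
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2024:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.5 - - [10/May/2024:12:00:03 +0000] "POST /admin/notify.php HTTP/1.1" 200 312
198.51.100.7 - - [10/May/2024:12:01:10 +0000] "GET /admin/login.php HTTP/1.1" 401 210
198.51.100.7 - - [10/May/2024:12:01:11 +0000] "GET /admin/index.php HTTP/1.1" 403 210
198.51.100.7 - - [10/May/2024:12:01:12 +0000] "POST /admin/login.php HTTP/1.1" 401 210
198.51.100.7 - - [10/May/2024:12:01:13 +0000] "POST /admin/notify.php?x=1 HTTP/1.1" 404 190
192.168.1.20 - - [10/May/2024:12:02:00 +0000] "GET /admin/index.php HTTP/1.1" 200 8800
"""

ADMIN_FAIL_THRESHOLD = 3  # assumed cut-off for "multiple failed access attempts"

def parse(lines):
    """Yield parsed records; lines that do not match the format are skipped."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            rec["path"] = rec["uri"].split("?", 1)[0]  # drop the query string
            yield rec

def detect(log_text, threshold=ADMIN_FAIL_THRESHOLD):
    """Return (indicator, client_ip, detail) tuples for the page's two log indicators."""
    findings = []
    failed_admin = Counter()
    for rec in parse(log_text.splitlines()):
        # Any POST to the vulnerable endpoint is worth review, whatever the status.
        if rec["method"] == "POST" and rec["path"].endswith("/admin/notify.php"):
            findings.append(("notify_post", rec["ip"], rec["status"]))
        # Count 4xx responses under /admin/ per client for the brute-force indicator.
        if rec["path"].startswith("/admin/") and 400 <= rec["status"] < 500:
            failed_admin[rec["ip"]] += 1
    for ip, count in failed_admin.items():
        if count >= threshold:
            findings.append(("admin_bruteforce", ip, count))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```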