CVE-2024-42598

6.7 MEDIUM

📋 TL;DR

SeaCMS 13.0 has an authenticated remote code execution vulnerability in admin_editplayer.php: an attacker who already holds admin credentials can bypass the file restrictions to write and execute arbitrary code. This allows an authenticated attacker to execute system commands and potentially gain full system privileges. Only SeaCMS 13.0 is affected, and exploitation requires admin access.

💻 Affected Systems

Products:
  • SeaCMS
Versions: 13.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated admin access to exploit

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with the attacker gaining root/admin privileges, installing persistent backdoors, stealing data, and pivoting to other systems.

🟠 Likely Case

Web server compromise leading to data theft, defacement, or cryptocurrency mining malware installation.

🟢 If Mitigated

Limited impact due to network segmentation, minimal privileges, and monitoring catching exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

The exploit requires admin credentials but is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or applying workarounds.

🔧 Temporary Workarounds

Restrict admin_editplayer.php access (Platform: linux)

Temporarily disable or restrict access to the vulnerable file. Renaming alone is enough to stop the web server from serving it; clearing its permissions is an additional safeguard. Note that this also removes whatever admin functionality the file provides until it is restored.

mv admin_editplayer.php admin_editplayer.php.disabled
chmod 000 admin_editplayer.php.disabled

Implement strict input validation (Platform: all)

Add proper file extension and content validation to admin_editplayer.php.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate SeaCMS from critical systems
  • Enforce strong authentication and limit admin access to trusted IP addresses only

🔍 How to Verify

Check if Vulnerable:

Check whether the SeaCMS version is 13.0 and admin_editplayer.php exists in the admin directory.

Check Version:

Check SeaCMS configuration files or admin panel for version information

Verify Fix Applied:

Verify admin_editplayer.php has been disabled or modified with proper input validation

📡 Detection & Monitoring

Log Indicators:

  • Unusual file writes to player configuration files
  • Multiple failed admin login attempts followed by successful login
  • Execution of system commands from web process

Network Indicators:

  • Unusual outbound connections from web server
  • Traffic to known malicious domains

SIEM Query:

(source="web_logs" AND uri="/admin/admin_editplayer.php") OR (process="php" AND (cmdline CONTAINS "system" OR cmdline CONTAINS "exec"))
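Detection logic for the log indicators above, applied to constructed sample events (an added example, not part of the advisory): it evaluates the SIEM query as a boolean rule and flags a client that fails admin login several times, then succeeds, then requests admin_editplayer.php. The field names, status codes and the /admin/login.php path are assumptions about your SIEM schema and SeaCMS deployment.

```python
from collections import defaultdict

VULN_URI = "/admin/admin_editplayer.php"
LOGIN_URI = "/admin/login.php"      # assumed SeaCMS admin login endpoint
FAILED_LOGIN_THRESHOLD = 3          # assumed burst size worth flagging

# Constructed sample events in time order (not real log data).
EVENTS = [
    {"source": "web_logs", "client": "203.0.113.5", "uri": LOGIN_URI, "status": 401},
    {"source": "web_logs", "client": "203.0.113.5", "uri": LOGIN_URI, "status": 401},
    {"source": "web_logs", "client": "203.0.113.5", "uri": LOGIN_URI, "status": 401},
    {"source": "web_logs", "client": "203.0.113.5", "uri": LOGIN_URI, "status": 302},
    {"source": "web_logs", "client": "203.0.113.5", "uri": VULN_URI, "status": 200},
    {"source": "process_logs", "process": "php", "cmdline": 'php -r system("id")'},
    {"source": "process_logs", "process": "php", "cmdline": "php /var/www/cron.php"},
    {"source": "web_logs", "client": "198.51.100.9", "uri": "/index.php", "status": 200},
]

def matches_siem_rule(ev):
    """Boolean form of the SIEM query: a web-log hit on the vulnerable URI,
    or a php process whose command line mentions system/exec."""
    web_hit = ev.get("source") == "web_logs" and ev.get("uri") == VULN_URI
    proc_hit = ev.get("process") == "php" and any(
        k in ev.get("cmdline", "") for k in ("system", "exec"))
    return web_hit or proc_hit

def brute_force_then_edit(events, threshold=FAILED_LOGIN_THRESHOLD):
    """Per client: >= threshold failed admin logins, then a successful login,
    then a request to admin_editplayer.php. Returns the flagged clients."""
    state = defaultdict(lambda: {"fails": 0, "logged_in": False})
    flagged = set()
    for ev in events:
        if ev.get("source") != "web_logs":
            continue
        s = state[ev["client"]]
        if ev["uri"] == LOGIN_URI:
            if ev["status"] == 401:
                s["fails"] += 1
            elif s["fails"] >= threshold:
                s["logged_in"] = True   # success right after a failure burst
        elif ev["uri"] == VULN_URI and s["logged_in"]:
            flagged.add(ev["client"])
    return sorted(flagged)

if __name__ == "__main__":
    hits = [e for e in EVENTS if matches_siem_rule(e)]
    print(f"{len(hits)} SIEM rule hits; suspicious clients: {brute_force_then_edit(EVENTS)}")
```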
