CVE-2024-42599

8.8 HIGH

📋 TL;DR

SeaCMS 13.0 contains a remote code execution vulnerability in admin_files.php: an authenticated attacker can bypass the file editing restrictions to write and execute arbitrary code, gaining system privileges on vulnerable installations. Only SeaCMS 13.0 is affected, and exploitation requires admin access.

💻 Affected Systems

Products:
  • SeaCMS
Versions: 13.0
Operating Systems: All platforms running SeaCMS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated admin access to exploit. All SeaCMS 13.0 installations are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining root/admin privileges, installing persistent backdoors, stealing data, and pivoting to other systems.

🟠 Likely Case

Attacker gains administrative control of the SeaCMS installation, modifies content, steals sensitive data, and potentially compromises the underlying server.

🟢 If Mitigated

Attack limited to authenticated admin users only, with proper network segmentation preventing lateral movement.

🌐 Internet-Facing: HIGH - Web applications are typically internet-facing, and authenticated admin panels are common targets.
🏢 Internal Only: MEDIUM - Requires authenticated admin access, but internal threats or credential compromise could still lead to exploitation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires admin credentials but is straightforward once authenticated. Public proof-of-concept exists in the referenced links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Check SeaCMS official channels for updates. Consider upgrading to a newer version if available or applying workarounds.

🔧 Temporary Workarounds

Restrict admin_files.php access

Platform: all

Block or restrict access to the vulnerable admin_files.php file

# Web server configuration to block access to admin_files.php

# Apache: add to .htaccess (2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied")
<Files "admin_files.php">
    Order Allow,Deny
    Deny from all
</Files>

# Nginx: add inside the server block
location ~ /admin_files\.php$ {
    deny all;
}

Remove admin_files.php

Platform: linux

Delete or rename the vulnerable file if not needed

rm /path/to/seacms/admin_files.php
# Or rename:
mv /path/to/seacms/admin_files.php /path/to/seacms/admin_files.php.disabled

🧯 If You Can't Patch

  • Implement strict access controls for admin panel with MFA and IP whitelisting
  • Monitor and audit all admin account activity and file modification attempts

🔍 How to Verify

Check if Vulnerable:

Check whether the SeaCMS version is 13.0 and whether admin_files.php exists in the installation directory.

Check Version:

Check the SeaCMS configuration files or the admin panel for version information; it is typically found in the config files or the footer.

Verify Fix Applied:

Verify that admin_files.php has been removed or renamed, or that access to it is properly restricted by the web server configuration.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file modifications in admin_files.php or related directories
  • Multiple failed admin login attempts followed by successful access
  • Execution of system commands via web interface logs

Network Indicators:

  • Unusual outbound connections from web server to external IPs
  • HTTP requests to admin_files.php with suspicious parameters

SIEM Query:

source="web_server_logs" AND (uri="*admin_files.php*" AND (param="*system*" OR param="*exec*" OR param="*shell*"))
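
As an added example (not part of the original advisory or of SeaCMS), the same indicators can be checked offline against web server access logs, which also shows whether the workarounds above are in effect. The script assumes the Apache/Nginx combined log format; the sample lines, the /admin/ directory name and the query parameters are constructed.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Combined log format: host ident user [time] "request" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
KEYWORDS = ("system", "exec", "shell")  # taken from the SIEM query above
TARGET_FILE = "admin_files.php"


def classify(line):
    """Return a finding dict for a request to admin_files.php, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    if not unquote_plus(parts.path).lower().endswith("/" + TARGET_FILE):
        return None
    # Decode twice so double-encoded keywords (e.g. %2573ystem) are still seen.
    query = unquote_plus(unquote_plus(parts.query)).lower()
    hits = [k for k in KEYWORDS if k in query]
    status = int(m["status"])
    if status in (403, 404):
        verdict = "blocked"      # deny rule or file removal is effective
    elif hits:
        verdict = "suspicious"   # served and matches the SIEM keywords
    else:
        verdict = "reachable"    # file is still served; review who uses it
    return {"ip": m["ip"], "method": m["method"], "status": status,
            "keywords": hits, "verdict": verdict}


def scan(lines):
    return [f for f in map(classify, lines) if f]


# Constructed sample lines (documentation IPs, hypothetical paths and parameters).
SAMPLE = [
    '203.0.113.7 - - [12/Aug/2024:10:01:02 +0000] "GET /admin/admin_files.php?action=list HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Aug/2024:10:01:09 +0000] "POST /admin/admin_files.php?note=%2573ystem HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Aug/2024:11:30:00 +0000] "GET /admin/admin_files.php?x=exec HTTP/1.1" 403 199 "-" "curl/8.0"',
    '198.51.100.9 - - [12/Aug/2024:11:30:05 +0000] "GET /index.php?shell=1 HTTP/1.1" 200 900 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Access logs do not record POST bodies, so the keyword match only sees query strings. Any "reachable" or "suspicious" verdict logged after a workaround was applied means the deny rule or file removal is not in effect for that path.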

🔗 References
