CVE-2024-50808

8.8 HIGH

📋 TL;DR

SeaCms 13.1 contains a code injection vulnerability in the admin notification module that allows authenticated backend users to execute arbitrary code. This affects administrators with access to the backend user management interface. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:
  • SeaCms
Versions: 13.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated backend access to the member message notification module.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to full server takeover, data exfiltration, and lateral movement within the network.

🟠 Likely Case

Authenticated attackers gaining shell access to the web server, potentially compromising the CMS database and files.

🟢 If Mitigated

Limited impact if strict input validation and output encoding are in place; any residual code execution is confined to the web server's context.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires backend admin access. Public proof-of-concept demonstrates code injection via the 'notify' parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://seacms.com

Restart Required: No

Instructions:

1. Check the SeaCms website for security updates.
2. Apply any available patches.
3. Validate the fix by testing the vulnerable endpoint.

🔧 Temporary Workarounds

Input Validation and Sanitization

Applies to: all

Implement strict input validation and output encoding for the 'notify' parameter in admin_notify.php.

Access Restriction

Applies to: all

Restrict access to admin_notify.php to only the administrative users who need it.

🧯 If You Can't Patch

  • Implement web application firewall rules to block suspicious 'notify' parameter values
  • Disable or remove the vulnerable notification module if not required

🔍 How to Verify

Check if Vulnerable:

Review admin_notify.php for unsafe handling of the 'notify' parameter without proper validation/sanitization

Check Version:

Check SeaCms version in admin panel or configuration files

Verify Fix Applied:

Test the notification endpoint with malicious payloads to confirm code execution is prevented

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to admin_notify.php with suspicious 'notify' parameter values
  • Web server logs showing code execution attempts

Network Indicators:

  • HTTP requests containing PHP code or system commands in parameters

SIEM Query:

source="web_logs" AND uri="*admin_notify.php*" AND param="*notify*" AND (value="*system(*" OR value="*exec(*" OR value="*eval(*")
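The same detection logic as the SIEM query, run offline over constructed sample log lines (this is an added example, not code from the advisory or from SeaCms). It assumes a combined-format access log where a hypothetical logging setup appends the POST body as a final quoted field, scopes the check to the 'notify' parameter of admin_notify.php only, and generalizes the indicator list slightly by also flagging a PHP open tag.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample log lines (combined format plus an appended body field
# from a hypothetical logging setup). Payload text is a placeholder only.
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "POST /admin_notify.php HTTP/1.1" 200 512 "notify=Maintenance+window+Friday"',
    '10.0.0.9 - - [01/Jan/2025:10:00:07 +0000] "POST /admin_notify.php HTTP/1.1" 200 512 "notify=%3C%3Fphp+system%28%27EXAMPLE%27%29%3B"',
    '10.0.0.9 - - [01/Jan/2025:10:00:09 +0000] "GET /admin_notify.php?notify=exec%28%27PLACEHOLDER%27%29 HTTP/1.1" 200 300',
    '10.0.0.7 - - [01/Jan/2025:10:00:12 +0000] "POST /index.php HTTP/1.1" 200 128 "notify=system%28%27x%27%29"',
    '10.0.0.5 - - [01/Jan/2025:10:00:20 +0000] "POST /admin_notify.php HTTP/1.1" 200 512 "msg=system%28%27x%27%29&notify=hello"',
]

# Indicators from the advisory (system(, exec(, eval() plus a PHP open tag.
SUSPICIOUS = re.compile(r"<\?php|\b(?:system|exec|eval)\s*\(", re.I)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+(?: "(?P<body>[^"]*)")?$'
)


def extract_notify_values(line):
    """Return the decoded 'notify' values from the query string and logged body
    of one admin_notify.php request; [] for other endpoints or unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return []
    parts = urlsplit(m.group("uri"))
    if not parts.path.endswith("/admin_notify.php"):
        return []
    values = parse_qs(parts.query).get("notify", [])   # percent-decodes and '+' -> ' '
    if m.group("body"):
        values += parse_qs(m.group("body")).get("notify", [])
    return values


def is_suspicious(line):
    return any(SUSPICIOUS.search(v) for v in extract_notify_values(line))


def scan(lines):
    """Return (client ip, method, decoded notify value) for each flagged request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        for v in extract_notify_values(line):
            if SUSPICIOUS.search(v):
                hits.append((m.group("ip"), m.group("method"), v))
    return hits


if __name__ == "__main__":
    for ip, method, value in scan(SAMPLE_LOGS):
        print(f"ALERT {ip} {method} admin_notify.php notify={value!r}")
```

Lines 4 and 5 of the sample are deliberately not flagged: the first targets a different endpoint and the second carries the indicator in a parameter other than 'notify', which is the scoping the parenthesized SIEM query enforces.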
