CVE-2024-7161

4.3 MEDIUM

📋 TL;DR

This cross-site request forgery (CSRF) vulnerability in SeaCMS 13.0 lets an attacker change an authenticated user's password without their consent by forging a submission of the password change form. The attack works remotely: a user who is logged into SeaCMS only has to visit an attacker-controlled page. All SeaCMS 13.0 installations with the vulnerable member.php component are affected.

💻 Affected Systems

Products:
  • SeaCMS
Versions: 13.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with the member.php component enabled (default).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could lock legitimate users out of their accounts by changing their passwords, potentially leading to account takeover if combined with other vulnerabilities or social engineering.

🟠 Likely Case

Users are tricked into changing their passwords to attacker-controlled values, resulting in temporary account lockout and potential credential theft.

🟢 If Mitigated

With proper CSRF protections, the attack fails as the server rejects unauthorized password change requests.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires user interaction (visiting malicious page while authenticated).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Check GitHub repository for updates or apply workarounds.

🔧 Temporary Workarounds

Add CSRF Token Protection (applies to: all)

Implement CSRF tokens in the password change form to validate legitimate requests.

Edit /member.php to add CSRF token generation and validation around the chgpwdsubmit action.
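The workaround above describes the check but not its shape. The following is an added example, not SeaCMS code and not a patch to member.php: it models the chgpwdsubmit action as a Python function with a per-session token minted into the form and verified before any state change, so that a forged cross-site POST (which carries the victim's cookie but cannot read the hidden token) is rejected while the real form succeeds. The field name `csrf_token`, the form parameter names `newpwd`/`newpwd2` and the plain dict user store are assumptions for the model; the same logic ports to PHP with `random_bytes`, `$_SESSION` and `hash_equals`.

```python
import hmac
import secrets

CSRF_FIELD = "csrf_token"   # hypothetical hidden-field and session-key name


def issue_csrf_token(session: dict) -> str:
    """Return the session's CSRF token, minting one if absent.

    The value is embedded as a hidden field in the password change form.
    A cross-site page cannot read it, which is what defeats the forged POST.
    """
    token = session.get(CSRF_FIELD)
    if token is None:
        token = secrets.token_hex(32)      # 256 bits from the OS CSPRNG
        session[CSRF_FIELD] = token
    return token


def validate_csrf_token(session: dict, form: dict) -> bool:
    """True only if a token was submitted and it equals the session token.

    hmac.compare_digest keeps the comparison constant-time.
    """
    expected = session.get(CSRF_FIELD)
    submitted = form.get(CSRF_FIELD)
    if not isinstance(expected, str) or not isinstance(submitted, str):
        return False
    return hmac.compare_digest(expected, submitted)


def chgpwdsubmit(session: dict, form: dict, users: dict) -> tuple:
    """Model of the chgpwdsubmit action with the CSRF check in front of the
    state change. `users` is a constructed username -> password store
    (a real handler would store a password hash, not the password)."""
    if not validate_csrf_token(session, form):
        return 403, "password change rejected: missing or invalid CSRF token"
    new_pwd = form.get("newpwd")
    if not new_pwd or new_pwd != form.get("newpwd2"):
        return 400, "new passwords empty or do not match"
    users[session["user"]] = new_pwd
    session.pop(CSRF_FIELD, None)      # rotate the token after a successful change
    return 200, "password changed"


def demo() -> dict:
    """Run a forged request and a legitimate one against the same session."""
    users = {"alice": "old-secret"}               # constructed user store
    session = {"user": "alice"}                   # authenticated session (cookie-bound)
    token = issue_csrf_token(session)             # rendered into the real form

    # Forged cross-site POST: the browser attaches the cookie, but the
    # attacker's page has no way to include the session-bound token.
    forged = chgpwdsubmit(session,
                          {"newpwd": "attacker", "newpwd2": "attacker"}, users)

    # Legitimate submit from the real form, which carries the hidden token.
    legit = chgpwdsubmit(session,
                         {"newpwd": "N3w-pass", "newpwd2": "N3w-pass",
                          CSRF_FIELD: token}, users)

    return {"forged_status": forged[0], "legit_status": legit[0],
            "password": users["alice"]}


if __name__ == "__main__":
    print(demo())
```

The token is bound to the session rather than to the user record so that logging out or rotating the session invalidates it; dropping it after a successful change means a replayed legitimate request is also refused.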

Disable Password Change Function (applies to: all)

Temporarily disable the vulnerable password change functionality.

Comment out or remove the chgpwdsubmit action handler in /member.php.

🧯 If You Can't Patch

  • Implement WAF rules to block CSRF attacks targeting /member.php?action=chgpwdsubmit
  • Educate users about CSRF risks and advise them to log out when not actively using SeaCMS

🔍 How to Verify

Check if Vulnerable:

Check if /member.php exists and contains the chgpwdsubmit action without CSRF token validation.

Check Version:

Check SeaCMS version in admin panel or configuration files.

Verify Fix Applied:

Test password change functionality with and without valid CSRF tokens to ensure unauthorized requests are rejected.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed password change attempts from same IP
  • Password changes without corresponding login events

Network Indicators:

  • HTTP POST requests to /member.php?action=chgpwdsubmit without Referer headers or with external Referers

SIEM Query:

source="web.log" AND uri="/member.php" AND action="chgpwdsubmit" AND NOT referer CONTAINS "yourdomain.com"
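The network indicator and the SIEM query above can be checked offline against a web server access log. The following is an added example, not part of the advisory: it parses lines in the Apache/nginx combined format, keeps only POSTs to /member.php with action=chgpwdsubmit, and reports those whose Referer is absent or from a host other than the site's own. The hostname `cms.example.com` and the log lines are constructed placeholders.

```python
import re
from urllib.parse import parse_qs, urlsplit

SITE_HOST = "cms.example.com"   # assumed hostname of the SeaCMS install (placeholder)

# Combined log format:
# ip - user [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def is_chgpwd_request(method: str, path: str) -> bool:
    """True for POST /member.php?action=chgpwdsubmit, regardless of other params."""
    parts = urlsplit(path)
    if method != "POST" or parts.path != "/member.php":
        return False
    return parse_qs(parts.query).get("action", [None])[0] == "chgpwdsubmit"


def referer_is_same_origin(referer: str) -> bool:
    """Missing ("-" or empty) or foreign-host referers are not same-origin."""
    if referer in ("", "-"):
        return False
    host = urlsplit(referer).hostname
    return host is not None and host.lower() == SITE_HOST


def scan(lines) -> list:
    """Return one finding per password-change POST lacking a same-origin Referer."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_chgpwd_request(m["method"], m["path"]):
            continue
        ref = m["referer"]
        if referer_is_same_origin(ref):
            continue
        reason = "missing referer" if ref in ("", "-") else "external referer " + ref
        hits.append({"ip": m["ip"], "time": m["time"],
                     "referer": ref, "reason": reason})
    return hits


# Constructed sample log: one legitimate change, one with no Referer,
# one from a foreign page, and two unrelated requests.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jul/2024:12:00:01 +0000] "POST /member.php?action=chgpwdsubmit HTTP/1.1" '
    '200 512 "https://cms.example.com/member.php?action=chgpwd" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jul/2024:12:03:44 +0000] "POST /member.php?action=chgpwdsubmit HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jul/2024:12:05:10 +0000] "POST /member.php?action=chgpwdsubmit HTTP/1.1" '
    '200 512 "http://evil.example/page.html" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jul/2024:12:06:00 +0000] "GET /member.php?action=chgpwd HTTP/1.1" '
    '200 2048 "-" "Mozilla/5.0"',
    '203.0.113.6 - - [10/Jul/2024:12:07:30 +0000] "POST /member.php?action=login HTTP/1.1" '
    '302 0 "-" "Mozilla/5.0"',
]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["time"], hit["ip"], hit["reason"])
```

Treat the output as a triage list rather than proof of an attack: browsers and privacy extensions that enforce a strict Referrer-Policy send no Referer on legitimate submissions, so a "missing referer" hit needs the login-event correlation from the log indicators above before it is escalated.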
