SeaCMS 7.2 member.php Request privilege escalation

WpisedytowaćHistoryDiffjsonxmlCTI

Odkryto lukę w SeaCMS 7.2. Dotknięta jest nieznana funkcja w pliku member.php?mod=repsw4. Nie są znane żadne środki zaradcze. Sugerowana jest zamiana podatnego komponentu na produkt alternatywny.

Pole2019-02-18 09:372020-05-11 06:56
nameSeaCMSSeaCMS
version7.27.2
filemember.php?mod=repsw4member.php?mod=repsw4
input_typeRequestRequest
cwe255 (przekroczenie uprawnień)255 (przekroczenie uprawnień)
cvss2_vuldb_basescore4.04.0
cvss2_vuldb_tempscore4.04.0
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auSS
cvss2_vuldb_ciPP
cvss2_vuldb_iiNN
cvss2_vuldb_aiNN
cvss2_nvd_avNN
cvss2_nvd_acLL
cvss2_nvd_auSS
cvss2_nvd_ciPP
cvss2_nvd_iiNN
cvss2_nvd_aiNN
cvss3_meta_basescore8.88.8
cvss3_meta_tempscore8.88.8
cvss3_vuldb_basescore8.88.8
cvss3_vuldb_tempscore8.88.8
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cHH
cvss3_vuldb_iHH
cvss3_vuldb_aHH
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prLL
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cHH
cvss3_nvd_iHH
cvss3_nvd_aHH
date1550361600 (2019-02-17)1550361600 (2019-02-17)
price_0day$0-$5k$0-$5k
cveCVE-2019-8418CVE-2019-8418
cve_assigned15503616001550361600
cve_nvd_summarySeaCMS 7.2 mishandles member.php?mod=repsw4 requests.SeaCMS 7.2 mishandles member.php?mod=repsw4 requests.
risk22
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss3_vuldb_rcXX
0day_days4242
cvss3_nvd_basescore8.88.8
discoverydate1546732800

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!