CVE-2024-55461
Published: 18 December 2024
Summary
CVE-2024-55461 is a critical-severity Command Injection (CWE-77) vulnerability in SeaCMS. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003). The CVE ranks in the top 16.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-52774
Vulnerability details
SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext().
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables PHP code injection into backup configuration files through an uncontrolled, regex-enabled string replacement. This leads to remote code execution when the files are processed or restored, which is akin to web shell deployment in a public-facing web application.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.