CVE-2024-6416 | SeaCMS 12.9 cid sql injection

Inserito da Angelo Barbosa | Giu 30, 2024 | CVE

A vulnerability was found in SeaCMS 12.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /js/player/dmplayer/dmku/?ac=edit. The manipulation of the argument cid with the input (select(0)from(select(sleep(10)))v) leads to sql injection.

This vulnerability is known as CVE-2024-6416. The attack can be launched remotely. Furthermore, there is an exploit available.

CVE-2024-6416 | SeaCMS 12.9 cid sql injection

Post correlati

CVE-2024-26709 | Linux Kernel up to 6.7.5 powerpc iommu_group_put memory leak (c90fdea9cac9/0846dd77c834)

CVE-2023-47061 | Adobe Dimension up to 3.4.10 out-of-bounds (apsb23-71)

CVE-2023-48863 | SEMCMS 3.9 sql injection

CVE-2024-45101 | Lenovo XClarity Administrator up to 4.0 URL cleartext transmission