SeaCMS V6.4.5 RCE

By kannthu

High
Vidoc Module
#seacms #rce
Description

What is the "SeaCMS V6.4.5 RCE" module?

The "SeaCMS V6.4.5 RCE" module is a test case designed to detect a vulnerability in the SeaCMS software. SeaCMS is a content management system that allows users to create and manage websites. This module specifically targets version 6.4.5 of SeaCMS.

The severity of this vulnerability is classified as high, indicating that it poses a significant risk to the security of the affected system.

This module was authored by pikpikcu.

Impact

This vulnerability in SeaCMS allows remote unauthenticated attackers to execute arbitrary PHP code on the targeted system. This means that an attacker can potentially gain unauthorized access and control over the affected website or server.

How does the module work?

The "SeaCMS V6.4.5 RCE" module works by sending a specific HTTP request to the target system. The module includes a template for the request, and the response is then matched against specific conditions to determine if the vulnerability exists.

One example of a matching condition is checking the response body for the presence of the string "b1e597fa44dfd7669966bfab04eeb8ea". Additionally, the module verifies that the response status code is 200.

By analyzing the response to the HTTP request, the module can determine if the targeted system is vulnerable to the SeaCMS RCE vulnerability.

For more information about this vulnerability, you can refer to the following resource: https://mengsec.com/2018/08/06/SeaCMS-v6-45前台代码执行漏洞分析/

Metadata: max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
POST /search.php?searchty...
Matching conditions
word: b1e597fa44dfd7669966bfab04eeb8ea
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability