SB2018053114 - Multiple vulnerabilities in SeaCMS
Published: May 31, 2018 Updated: August 8, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 10 secuirty vulnerabilities.
1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2018-16444)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
An issue was discovered in SeaCMS 6.61. adm1n/admin_reslib.php has SSRF via the url parameter.
2) Code Injection (CVE-ID: CVE-2018-16343)
The vulnerability allows a remote privileged user to execute arbitrary code.
SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS.
3) Cross-site scripting (CVE-ID: CVE-2018-16348)
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when processing the admin_video.php v_content parameter, related to the site name. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
4) Cross-site request forgery (CVE-ID: CVE-2018-14910)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, such as also be exploited through CSRF.
5) Cross-site scripting (CVE-ID: CVE-2018-14517)
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when processing data passed via certain form fields. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
6) Cross-site request forgery (CVE-ID: CVE-2018-14421)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, such as also be exploited through CSRF.
7) Cross-site request forgery (CVE-ID: CVE-2018-13444)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, such as add an admin account via adm1n/admin_manager.php?action=save&id=2.
8) Cross-site request forgery (CVE-ID: CVE-2018-13445)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, such as add a user account via adm1n/admin_manager.php?action=add.
9) Cross-site scripting (CVE-ID: CVE-2018-12431)
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when processing the site name parameter on an adm1n/admin_config.php page (aka a system management page). A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
10) Cross-site scripting (CVE-ID: CVE-2018-11583)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://github.com/MichaelWayneLIU/seacms/blob/master/seacms3.md
- http://zhinianyuxin.postach.io/post/seacms-v6-61-latest-version-backend-rce
- https://github.com/cumtxujiabin/CmsPoc/blob/master/Seacms_v6.61_backend_RCE.md
- https://github.com/Jas0nwhy/vulnerability/blob/master/Seacmsxss.md
- https://github.com/MichaelWayneLIU/seacms/blob/master/seacms2.md
- https://github.com/SecWiki/CMS-Hunter/blob/master/seacms/seacms6.61/seacms661.md
- http://hexo.imagemlt.xyz/post/seacms-backend-getshell/index.html
- https://github.com/MichaelWayneLIU/seacms/blob/master/seacms1.md
- https://github.com/MichaelWayneLIU/seacms/blob/master/seacms.md
- https://gist.github.com/alice19940905/88b194b89e83c5c0a394f7f297111e12