CVE Catalog

CVE-2024-54879

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.89%

55th percentile - higher than 55% of all known CVEs

Summary

SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.

Risk Assessment

The organization faces financial losses and payment system abuse, as any user can repeatedly recharge their account without incurring costs.

Recommendation

Immediately update SeaCMS to the latest version that fixes this vulnerability and review logs for unauthorized transactions.

Original NVD description (English source)

SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS