CVE Catalog
CVE-2024-54879
CriticalCVSS 9.1Exploitation Probability (EPSS)
Elevated risk0.89%
55th percentile - higher than 55% of all known CVEs
Summary
SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.
Risk Assessment
The organization faces financial losses and payment system abuse, as any user can repeatedly recharge their account without incurring costs.
Recommendation
Immediately update SeaCMS to the latest version that fixes this vulnerability and review logs for unauthorized transactions.
Original NVD description (English source)
SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.

