SeaCMS Incorrect Access Control Vulnerability Allowing Bulk Account Registration

Vulnerability

A logic flaw in SeaCMS version 13.1 has been identified, allowing any user to register accounts in bulk. This vulnerability arises from incorrect access control, which can be exploited by attackers to bypass normal registration limits.

Impact

Exploitation of this vulnerability could lead to unauthorized bulk account creation, potentially allowing for abuse of the platform's user management features or automated actions under the guise of multiple users.

Reproduction

To reproduce this vulnerability, access the registration page and initiate the account registration process. Capture the network request using a tool like a web proxy. The captured request can be modified to change the account number and email address, allowing for the registration of multiple accounts in quick succession.
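On the defensive side, the replayed registration requests described above show up in web server access logs as a burst of POSTs from one client. The following detection sketch is an added example, not part of the original advisory or of SeaCMS: it flags clients that send more than a threshold number of registration POSTs within a sliding window. The endpoint path (a placeholder), the threshold, the window, and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: placeholder path; set it to the registration endpoint of your install.
REGISTER_PATH = "/REGISTRATION_ENDPOINT_PLACEHOLDER"
WINDOW = timedelta(seconds=60)   # assumed sliding window
THRESHOLD = 3                    # assumed max registration POSTs per client per window

# Combined Log Format prefix: ip ident user [time] "METHOD path proto" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def find_bulk_registration(lines, path=REGISTER_PATH, window=WINDOW, threshold=THRESHOLD):
    """Return {client_ip: peak_count} for clients exceeding `threshold`
    registration POSTs inside `window`. Lines must be in time order per client."""
    recent = defaultdict(deque)   # client ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip malformed or non-matching lines
        if m["method"] != "POST" or m["path"].split("?", 1)[0] != path:
            continue
        if m["status"][0] not in "23":
            continue              # count only non-error responses
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop requests that fell out of the window
        if len(q) > threshold:
            peaks[m["ip"]] = max(peaks.get(m["ip"], 0), len(q))
    return peaks

def _line(ip, hhmmss, method, path):
    # Builds one constructed log line (sample data, not taken from a real server).
    return f'{ip} - - [09/Jun/2025:{hhmmss} +0000] "{method} {path} HTTP/1.1" 200 512'

SAMPLE_LOG = (
    [_line("198.51.100.7", "09:59:50", "GET", REGISTER_PATH),     # normal user: form load
     _line("198.51.100.7", "10:00:00", "POST", REGISTER_PATH)]    # normal user: one signup
    + [_line("192.0.2.10", f"10:00:0{s}", "POST", REGISTER_PATH) for s in range(1, 6)]
    + [_line("203.0.113.5", f"10:{m:02d}:00", "POST", REGISTER_PATH) for m in (20, 25, 30, 35)]
)

if __name__ == "__main__":
    print(find_bulk_registration(SAMPLE_LOG))
```

Detection alone does not close the flaw; the registration handler still needs a server-side limit that a replayed request cannot bypass.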

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 0.6
exploitability: 9.7
remediation: 7.7
relevance: 0.0
threat: 6.5
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.