SueamCMS File Upload Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A file upload vulnerability has been identified in SueamCMS version 0.1.2, which allows remote attackers to execute arbitrary code. This issue arises from a lack of proper input filtering, enabling unauthorized file uploads, including those containing malicious code.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the server where SueamCMS is hosted.

Reproduction

To reproduce this vulnerability, send a POST request to 'mgt_file.php' with the 'upfiles' parameter containing a file named 'test2.php'. This file should include a PHP payload, such as a script that executes 'phpinfo()'. The request must also include a valid session cookie.
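One way to close the missing input filter described above, as an added example (not SueamCMS code and not taken from the project). Only the 'upfiles' field name comes from this advisory; the function name store_upload, the allowlist, the size limit and the storage path are assumptions.

```php
<?php
// Added example, not SueamCMS code. Only the 'upfiles' field name comes from
// the advisory; the allowlist, size limit and storage path are assumptions.
declare(strict_types=1);
// MIME type detected from file content => extension the server assigns.
const ALLOWED_TYPES = [
    'image/jpeg'      => 'jpg',
    'image/png'       => 'png',
    'image/gif'       => 'gif',
    'application/pdf' => 'pdf',
];
const MAX_BYTES  = 5 * 1024 * 1024;
const UPLOAD_DIR = '/var/lib/cms-uploads'; // assumed: outside the web root

function store_upload(array $file): string
{
    // A multi-file field yields arrays here, which also fails this check.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload error');
    }
    $tmp = $file['tmp_name'];
    if (!is_string($tmp) || !is_uploaded_file($tmp)) {
        throw new RuntimeException('not an HTTP upload');
    }
    if (filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Decide the type from the bytes, not from the client's name or Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('file type not allowed');
    }
    // The client-supplied name ('test2.php' in the report) is never used:
    // the stored name is random and its extension comes from the allowlist.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if (!move_uploaded_file($tmp, UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['upfiles'])) {
    try {
        echo store_upload($_FILES['upfiles']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'upload rejected';
    }
}
```

Because the stored extension is assigned by the server and the directory is outside the web root, a file whose content passes the type check but also embeds PHP is still never handed to the PHP interpreter.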

Added: Sep 12, 2025, 4:20 PM
Updated: Sep 12, 2025, 4:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.