5 matches found

OSV
added 2019/06/20 5:15 p.m., 2 views

CVE-2019-12744

SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940...

CVSS 7.5, AI score 7, EPSS 0.32766
Exploits: 9, References: 4
Cvelist
added 2019/06/20 4:26 p.m., 21 views

CVE-2019-12744

SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940...

AI score 7.3, EPSS 0.32766
Exploits: 9, References: 4
Prion
added 2018/07/31 2:29 p.m., 15 views

Directory traversal

A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to or potentially delete arbitrary files via a .. (dot dot) in the "op/op.UploadChunks.php" "qquuid" parameter. NOTE: this can be leveraged to execute arbitrary code by using...

CVSS 5.5, AI score 7.4, EPSS 0.01798
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2018/07/31 2:0 p.m., 16 views

CVE-2018-12939

A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to or potentially delete arbitrary files via a .. (dot dot) in the "op/op.UploadChunks.php" "qquuid" parameter. NOTE: this can be leveraged to execute arbitrary code by using...

AI score 7.3, EPSS 0.006
Exploits: 0, References: 2
CVE
added 2018/07/31 2:0 p.m., 39 views

CVE-2018-12940

SeedDMS before 5.1.8 has an unrestricted file upload in the file op/op.UploadChunks.php (parameter qqfile). An authenticated attacker can upload a file with an executable extension, upload a malicious PHP payload, and execute OS commands from the web root. This vulnerability is documented as CVE...

CVSS 8.8, AI score 7.5, EPSS 0.01798
Exploits: 0, References: 2, Affected Software: 1