CVE-2019-12932
- EPSS 0.24%
- Published 28.06.2019 18:15:11
- Last modified 21.11.2024 04:23:50
A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php.
CVE-2019-12745
- EPSS 0.28%
- Published 20.06.2019 17:15:10
- Last modified 21.11.2024 04:23:29
out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field.
CVE-2019-12744
- EPSS 33.29%
- Published 20.06.2019 17:15:10
- Last modified 21.11.2024 04:23:28
SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940.
CVE-2019-12801
- EPSS 0.43%
- Published 17.06.2019 18:15:11
- Last modified 21.11.2024 04:23:36
out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name.
CVE-2018-12944
- EPSS 0.24%
- Published 31.07.2018 14:29:00
- Last modified 21.11.2024 03:46:09
Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the name field.
CVE-2018-12943
- EPSS 0.24%
- Published 31.07.2018 14:29:00
- Last modified 21.11.2024 03:46:09
Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
- EPSS 0.21%
- Published 31.07.2018 14:29:00
- Last modified 21.11.2024 03:46:09
SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the applic...
- EPSS 1.97%
- Published 31.07.2018 14:29:00
- Last modified 21.11.2024 03:46:09
This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. This allows...
CVE-2018-12940
- EPSS 1.8%
- Published 31.07.2018 14:29:00
- Last modified 21.11.2024 03:46:09
Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the "qqfile" param...
CVE-2018-12939
- EPSS 0.6%
- Published 31.07.2018 14:29:00
- Last modified 21.11.2024 03:46:09
A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. (dot dot) in the "op/op.UploadChunks.php" "qquuid" parameter. NOTE: this ca...