Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the partitionIndex parameter and leveraging CVE-2014-2279.2 to access it via the directory specified by the fileId parameter.
References
Configurations
Information
Published : 2014-10-17 16:55
Updated : 2014-10-23 08:42
NVD link : CVE-2014-2278
Mitre link : CVE-2014-2278
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
seeddms
- seeddms