CVE-2018-12939

A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. (dot dot) in the "op/op.UploadChunks.php" "qquuid" parameter. NOTE: this can be leveraged to execute arbitrary code by using CVE-2018-12940.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:seeddms:seeddms:*:*:*:*:*:*:*:*

Information

Published : 2018-07-31 07:29

Updated : 2018-09-28 11:34


NVD link : CVE-2018-12939

Mitre link : CVE-2018-12939


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

seeddms

  • seeddms