Vulnerabilities > CVE-2021-33223 - Authorization Bypass Through User-Controlled Key vulnerability in Seeddms 6.0.15

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
seeddms
CWE-639
NVD
Published: 2023-06-07
Updated: 2023-06-15

Summary

An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file.

Vulnerable Configurations

Part Description Count
Application
Seeddms
1

Common Weakness Enumeration (CWE)

References