Vulnerabilities > Seeddms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-31 | CVE-2018-12944 | Cross-site Scripting vulnerability in Seeddms Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the name field. | 6.1 |
2018-07-31 | CVE-2018-12943 | Cross-site Scripting vulnerability in Seeddms Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | 6.1 |
2018-07-31 | CVE-2018-12942 | SQL Injection vulnerability in Seeddms SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. | 8.8 |
2018-07-31 | CVE-2018-12941 | Improper Input Validation vulnerability in Seeddms This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. | 8.8 |
2018-07-31 | CVE-2018-12940 | Unrestricted Upload of File with Dangerous Type vulnerability in Seeddms Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the "qqfile" parameter. | 8.8 |
2018-07-31 | CVE-2018-12939 | Path Traversal vulnerability in Seeddms A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. | 6.5 |