Vulnerabilities > Seeddms

DATE CVE VULNERABILITY TITLE RISK
2018-07-31 CVE-2018-12944 Cross-site Scripting vulnerability in Seeddms
Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the name field.
network
low complexity
seeddms CWE-79
6.1
2018-07-31 CVE-2018-12943 Cross-site Scripting vulnerability in Seeddms
Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
network
low complexity
seeddms CWE-79
6.1
2018-07-31 CVE-2018-12942 SQL Injection vulnerability in Seeddms
SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server.
network
low complexity
seeddms CWE-89
8.8
2018-07-31 CVE-2018-12941 Improper Input Validation vulnerability in Seeddms
This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality.
network
low complexity
seeddms CWE-20
8.8
2018-07-31 CVE-2018-12940 Unrestricted Upload of File with Dangerous Type vulnerability in Seeddms
Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the "qqfile" parameter.
network
low complexity
seeddms CWE-434
8.8
2018-07-31 CVE-2018-12939 Path Traversal vulnerability in Seeddms
A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a ..
network
low complexity
seeddms CWE-22
6.5