Vulnerabilities > Seeddms > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-08 | CVE-2022-44938 | Unspecified vulnerability in Seeddms 5.1.7/6.0.20 Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack. | 9.8 |
| 2018-07-31 | CVE-2018-12942 | SQL Injection vulnerability in Seeddms SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. | 9.0 |
| 2018-07-31 | CVE-2018-12941 | Improper Input Validation vulnerability in Seeddms This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. | 9.0 |