Vulnerabilities > Seeddms > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-06-07 | CVE-2021-33223 | Authorization Bypass Through User-Controlled Key vulnerability in Seeddms 6.0.15 | An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file. | network, low complexity, seeddms, CWE-639, 8.8 |
| 2019-06-20 | CVE-2019-12744 | Unrestricted Upload of File with Dangerous Type vulnerability in Seeddms | SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940. | network, high complexity, seeddms, CWE-434, 7.5 |
| 2018-07-31 | CVE-2018-12942 | SQL Injection vulnerability in Seeddms | SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. | network, low complexity, seeddms, CWE-89, 8.8 |
| 2018-07-31 | CVE-2018-12941 | Improper Input Validation vulnerability in Seeddms | This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. | network, low complexity, seeddms, CWE-20, 8.8 |
| 2018-07-31 | CVE-2018-12940 | Unrestricted Upload of File with Dangerous Type vulnerability in Seeddms | Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the "qqfile" parameter. | network, low complexity, seeddms, CWE-434, 8.8 |