Vulnerabilities > Seeddms > Seeddms > 5.1.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-31 | CVE-2018-12942 | SQL Injection vulnerability in Seeddms SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. | 9.0 |
2018-07-31 | CVE-2018-12941 | Improper Input Validation vulnerability in Seeddms This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. | 9.0 |
2018-07-31 | CVE-2018-12940 | Unrestricted Upload of File with Dangerous Type vulnerability in Seeddms Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the "qqfile" parameter. | 6.5 |
2018-07-31 | CVE-2018-12939 | Path Traversal vulnerability in Seeddms A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. | 5.5 |