Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the partitionIndex parameter and leveraging CVE-2014-2279.2 to access it via the directory specified by the fileId parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SeedDMS ‘/op/op.AddFile2.php’任意文件上传漏洞
Vulnerability Description
SeedDMS(前称LetoDMS和MyDMS)是SeedDMS爱好者共同开发的一套基于PHP和MySql的开源文档管理系统。该系统主要用于存储和共享文档。 SeedDMS 4.3.4之前版本的op/op.AddFile2.php脚本中存在任意文件上传漏洞,该漏洞源于用户可使用‘fileId’参数控制脚本路径。远程攻击者可通过上传带有可执行扩展的文件利用该漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A