Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. This allows an authenticated attacker, with permission to the Settings functionality, to inject arbitrary system commands within the application by manipulating the "Cache directory" path. An attacker can use it to perform malicious tasks such as to extract, change, or delete sensitive information or run system commands on the underlying operating system.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SeedDMS 安全漏洞
Vulnerability Description
SeedDMS(前称LetoDMS和MyDMS)是SeedDMS爱好者共同开发的一套基于PHP和MySql的开源文档管理系统。该系统主要用于存储和共享文档。 SeedDMS 5.1.8之前版本中存在安全漏洞。攻击者可通过操纵‘Cache directory’路径利用该漏洞注入任意的系统命令,执行恶意的操作,例如:提取、更改或删除敏感信息或在底层操作系统上执行系统命令。
CVSS Information
N/A
Vulnerability Type
N/A