CVE-2021-26216
https://notcve.org/view.php?id=CVE-2021-26216
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php. • http://seeddms.com https://tuhin1729.medium.com/cve-2021-26216-ffb33321dc91 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-26215
https://notcve.org/view.php?id=CVE-2021-26215
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php. • http://seeddms.com https://tuhin1729.medium.com/cve-2021-26215-7ce6800be822 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2019-12932
https://notcve.org/view.php?id=CVE-2019-12932
A stored XSS vulnerability was found in SeedDMS 5.1.11, caused by improper escaping of the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php. • https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-12745 – SeedDMS < 5.1.11 - 'out.UsrMgr.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-12745
out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field. SeedDMS versions prior to 5.1.11 suffer from a persistent cross-site scripting vulnerability in out.UsrMgr.php. • https://www.exploit-db.com/exploits/47023 http://packetstormsecurity.com/files/153382/SeedDMS-out.UsrMgr.php-Cross-Site-Scripting.html https://secfolks.blogspot.com/2019/06/exploit-for-cve-2019-12745-stored-xss.html https://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-12744 – SeedDMS 5.1.10 - Remote Command Execution (RCE) (Authenticated)
https://notcve.org/view.php?id=CVE-2019-12744
SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940. SeedDMS versions prior to 5.1.11 suffer from a remote shell upload vulnerability. • https://www.exploit-db.com/exploits/50062 https://www.exploit-db.com/exploits/47022 https://github.com/nobodyatall648/CVE-2019-12744 http://packetstormsecurity.com/files/153383/SeedDMS-Remote-Command-Execution.html http://packetstormsecurity.com/files/163283/Seeddms-5.1.10-Remote-Command-Execution.html https://secfolks.blogspot.com/2019/06/exploit-for-cve-2019-12744-remote.html https://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG • CWE-434: Unrestricted Upload of File with Dangerous Type