Seeddms : Security Vulnerabilities, CVEs, Published In 2014 (Directory traversal)
Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary files via a .. (dot dot) in the logname parameter to out/out.LogManagement.php or (2) remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to op/op.AddFile2.php. NOTE: vector 2 can be leveraged to execute arbitrary code by using CVE-2014-2278.
Max CVSS: 6.4
EPSS Score: 2.06%
Published: 2014-10-17
Updated: 2017-08-29
1 vulnerability found