- Description
- SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 5.2
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 5.5
- Impact score
- 4.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:P/A:P
- nvd@nist.gov
- CWE-22
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seeddms:seeddms:5.1.24:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B55E788C-44FB-43EE-B20B-7E4410C0A56E"
},
{
"criteria": "cpe:2.3:a:seeddms:seeddms:6.0.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54859E66-8CDB-4DC6-B5BA-13DCBC4FDD83"
}
],
"operator": "OR"
}
]
}
]