Overview
- Description
- SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 5.2
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 5.5
- Impact score
- 4.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:seeddms:seeddms:5.1.24:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B55E788C-44FB-43EE-B20B-7E4410C0A56E"
},
{
"criteria": "cpe:2.3:a:seeddms:seeddms:6.0.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54859E66-8CDB-4DC6-B5BA-13DCBC4FDD83"
}
],
"operator": "OR"
}
]
}
]