SeedDMS 5.1.22 Exploit


SeedDMS version 5.1.24 and earlier, including 5.1.22, is susceptible to a directory traversal attack. The “Remove file” functionality inside the “Log files management” menu does not properly sanitize user input, allowing an attacker with administrator privileges to delete arbitrary files on the remote system. A CVSS v3.1 base score of 6.5 has been assigned to this vulnerability, reflecting the requirement for administrative access but still posing a significant risk given the ability to delete critical system files, configuration data, or even the entire document repository.

location ^~ /seeddms/data/ {
    location ~ \.php$ {
        deny all;
    }
}

Apply the Principle of Least Privilege

SeedDMS versions before 5.1.8 contain SQL injection vulnerabilities, particularly in the "Users management" functionality. These vulnerabilities allow authenticated attackers to manipulate SQL queries, potentially extracting, modifying, or deleting sensitive information within the database. More critically, attackers could potentially execute system commands on the underlying operating system, leading to full system compromise.

The most severe vulnerabilities in SeedDMS allow attackers to execute arbitrary commands on the server.

$extraPath = '"; system($_GET["cmd"]); // ';

Uploading a malicious PHP script disguised as a document.

GET /seeddms51/op/op.RemoveDocument.php?documentid=1 AND (SELECT 1234 FROM (SELECT(SLEEP(5)))a) HTTP/1.1
Host: target

SeedDMS is an open-source document management system used by many organizations to store, share, and track digital documents. While it offers a robust platform for document workflows, specific versions have suffered from critical security flaws.

Disclaimer: This information is for educational and security hardening purposes only.

If you are running SeedDMS 5.1.22, you are at risk. Take the following steps immediately:

1. Upgrade Immediately