CVE-2019-12744

Sažetak

SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940.

Reference

https://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG
https://secfolks.blogspot.com/2019/06/exploit-for-cve-2019-12744-remote.html
http://packetstormsecurity.com/files/153383/SeedDMS-Remote-Command-Execution.html

CVSS

Base:	6.0
Impact:	6.4
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

25-06-2021 - 18:15

Objavljeno

20-06-2019 - 17:15