Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the "qqfile" parameter. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system commands to the web root of the application.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-07-31T14:00:00
Updated: 2024-08-05T08:52:49.225Z
Reserved: 2018-06-28T00:00:00
Link: CVE-2018-12940
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-07-31T14:29:00.497
Modified: 2024-11-21T03:46:09.170
Link: CVE-2018-12940
Redhat
No data.