Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the "qqfile" parameter. This allows an authenticated attacker to upload a malicious file containing PHP code to execute operating system commands to the web root of the application.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-07-31T14:00:00

Updated: 2024-08-05T08:52:49.225Z

Reserved: 2018-06-28T00:00:00

Link: CVE-2018-12940

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-07-31T14:29:00.497

Modified: 2024-11-21T03:46:09.170

Link: CVE-2018-12940

cve-icon Redhat

No data.