SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-06-06T22:17:28
Updated: 2024-08-03T05:56:15.235Z
Reserved: 2022-04-04T00:00:00
Link: CVE-2022-28478
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-06-06T23:15:08.167
Modified: 2024-11-21T06:57:24.503
Link: CVE-2022-28478
Redhat
No data.