Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.1
CVSSv2

CVE-2014-2278

Published: 17/10/2014 Updated: 23/10/2014
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
VMScore: 454
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Subscribe to Seeddms

Vulnerability Summary

Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS (formerly LetoDMS and MyDMS) prior to 4.3.4 allows remote malicious users to execute arbitrary code by uploading a file with an executable extension specified by the partitionIndex parameter and leveraging CVE-2014-2279.2 to access it via the directory specified by the fileId parameter.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

seeddms seeddms

Exploits

Exploit DB: SeedDMS XSS / Traversal / Shell Upload
SeedDMS versions prior to 434 suffer from cross site scripting, remote shell upload, and path traversal vulnerabilities ...

References

CWE-20http://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOGhttp://packetstormsecurity.com/files/125726http://secunia.com/advisories/57475http://osvdb.org/show/osvdb/104465http://archives.neohapsis.com/archives/bugtraq/2014-03/0101.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/125726/SeedDMS-XSS-Traversal-Shell-Upload.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook