An issue discovered in SeedDMS 6.0.15 allows an malicious user to escalate privileges via the userid and role parameters in the out.UsrMgr.php file.
seeddms seeddms 6.0.15