A vulnerability was found in SeedDMS up to 5.1.7. It has been classified as critical. This affects an unknown functionality. The manipulation of the argument cacheDir with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. This allows an authenticated attacker, with permission to the Settings functionality, to inject arbitrary system commands within the application by manipulating the "Cache directory" path. An attacker can use it to perform malicious tasks such as to extract, change, or delete sensitive information or run system commands on the underlying operating system.

The bug was discovered 07/02/2018. The weakness was released 07/31/2018 (Website). The advisory is shared at sourceforge.net. This vulnerability is uniquely identified as CVE-2018-12941 since 06/28/2018. It is possible to initiate the attack remotely. The successful exploitation needs a authentication. Technical details are known, but no exploit is available.

The vulnerability was handled as a non-public zero-day exploit for at least 29 days. During that time the estimated underground price was around $0-$5k.

Upgrading to version 5.1.8 eliminates this vulnerability.

Productinfo

Name

• SeedDMS

Version

• 5.1.0
• 5.1.1
• 5.1.2
• 5.1.3
• 5.1.4
• 5.1.5
• 5.1.6
• 5.1.7

License

• free

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion