mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-25 04:24:05 +02:00
0xMarcio
854 B
854 B
CVE-2018-12939
Description
A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. (dot dot) in the "op/op.UploadChunks.php" "qquuid" parameter. NOTE: this can be leveraged to execute arbitrary code by using CVE-2018-12940.