SeedDMS version 5.1.22 (and some adjacent versions) contained an authenticated Remote Code Execution (RCE) vulnerability, primarily stemming from insecure file upload functionality. An attacker with valid document management system credentials could upload a malicious PHP file disguised as a regular document and then trigger its execution to take over the server.
Munch on snacks from local vendors while learning about the history of street food!
Uncover stories of NYC ghosts from A Haunted History of Invisible Women!
SeedDMS version 5.1.22 (and some adjacent versions) contained an authenticated Remote Code Execution (RCE) vulnerability, primarily stemming from insecure file upload functionality. An attacker with valid document management system credentials could upload a malicious PHP file disguised as a regular document and then trigger its execution to take over the server.
Subscribe to our newsletter