CVE-2014-2278

Published: Oct 17, 2014Modified: May 6, 2026

5.1

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 4.9 / Impact: 6.4

Source: NVD

Description

Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the partitionIndex parameter and leveraging CVE-2014-2279.2 to access it via the directory specified by the fileId parameter.

Affected (1)

Products: Seeddms: Seeddms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Seeddms Seeddms	Up to 4.3.3

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://archives.neohapsis.com/archives/bugtraq/2014-03/0101.html

Source: cve@mitre.org

http://osvdb.org/show/osvdb/104465

Source: cve@mitre.org

http://packetstormsecurity.com/files/125726

Source: cve@mitre.org

http://secunia.com/advisories/57475

Source: cve@mitre.org

http://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG

Source: cve@mitre.org

Vendor Advisory

http://archives.neohapsis.com/archives/bugtraq/2014-03/0101.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/show/osvdb/104465

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/125726

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/57475

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.