CVE-2018-12942

Published: Jul 31, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. An attacker can use this vulnerability to perform malicious tasks such as to extract, change, or delete sensitive information within the database supporting the application, and potentially run system commands on the underlying operating system.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG

x_refsource_CONFIRM

https://www.contextis.com/resources/advisories/cve-2018-12942

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-12942

Description

Affected Products

References