CVE-2018-12942

Name of the Vulnerable Software and Affected Versions SeedDMS versions prior to 5.1.8

Description The issue allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. This can be used to extract, change, or delete sensitive information within the database, and potentially run system commands on the underlying operating system.

Recommendations For versions prior to 5.1.8, update to version 5.1.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Users management" functionality to minimize the risk of exploitation.