PT-2018-11497 · SeedDMS · SeedDMS

Published: 2018-07-31 · Updated: 2018-10-09 · CVE-2018-12941

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: SeedDMS versions prior to 5.1.8

Description: This issue allows remote attackers to execute arbitrary code by manipulating the cacheDir path and using the "Clear Cache" functionality. An authenticated attacker with permission to the Settings functionality can inject arbitrary system commands through the application. This can be used to extract, change, or delete sensitive information or run system commands on the underlying operating system.

Recommendations: For versions prior to 5.1.8, update to version 5.1.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the Settings functionality and the "Clear Cache" option to minimize the risk of exploitation. Avoid changing the cacheDir path until the issue is resolved.
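The root cause described above is a configured path reaching a system command. As an added illustration (not SeedDMS's own code), the PHP below shows a hardened "clear cache" routine that validates the configured cacheDir against an allowed base directory and deletes files with filesystem calls only, so no string from the Settings page is ever passed to a shell; the function names and the base directory are hypothetical.

```php
<?php
// Added example, not SeedDMS code. Names and paths are hypothetical.

/**
 * Validate that $cacheDir resolves to an existing directory at or below
 * $allowedBase. Returns the canonical path or throws on any mismatch.
 * realpath() fails for paths that do not exist on disk, so a value
 * carrying shell metacharacters never gets past this point.
 */
function validateCacheDir(string $cacheDir, string $allowedBase): string {
    $base = realpath($allowedBase);
    $dir  = realpath($cacheDir);
    if ($base === false || $dir === false || !is_dir($dir)) {
        throw new RuntimeException('cacheDir does not resolve to an existing directory');
    }
    // Reject anything that escapes the allowed base (e.g. via "..").
    if ($dir !== $base && strpos($dir, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('cacheDir is outside the allowed base directory');
    }
    return $dir;
}

/**
 * Empty the cache directory using filesystem calls. Nothing derived from
 * configuration is handed to exec(), system() or shell_exec().
 * Returns the number of files removed.
 */
function clearCache(string $cacheDir, string $allowedBase): int {
    $dir = validateCacheDir($cacheDir, $allowedBase);
    $removed = 0;
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::CHILD_FIRST   // delete children before parents
    );
    foreach ($it as $entry) {
        if ($entry->isDir()) {
            rmdir($entry->getPathname());
        } else {
            unlink($entry->getPathname());
            $removed++;
        }
    }
    return $removed;
}

// Constructed usage: the base comes from deployment config, cacheDir from the Settings UI.
$base = sys_get_temp_dir() . '/dms-cache-example';
@mkdir($base . '/cache', 0700, true);
file_put_contents($base . '/cache/preview.png', 'x');
echo clearCache($base . '/cache', $base) . " file(s) removed\n";

// A configured value that resolves outside the base is refused before any deletion.
try {
    clearCache($base . '/..', $base);
} catch (RuntimeException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
```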

Fix

RCE


Weakness Enumeration

Related Identifiers: CVE-2018-12941

Affected Products: SeedDMS