PT-2020-17035 · Seeddms · Seeddms

Published 2020-11-24 · Updated 2020-12-02 · CVE-2020-28726

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SeedDMS version 6.0.13

Description

The issue is an open redirect in SeedDMS via the dropfolderfileform1 parameter to the "/out/out.AddDocument.php" endpoint. This allows for potential redirection to unintended locations.

Recommendations

For SeedDMS version 6.0.13, consider restricting access to the "/out/out.AddDocument.php" endpoint until a patch is available. As a temporary workaround, avoid using the dropfolderfileform1 parameter in the affected endpoint to minimize the risk of exploitation.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2020-28726

Affected Products

Seeddms