CVE-2021-35343

Name of the Vulnerable Software and Affected Versions: SeedDMS versions 5.1.x through 5.1.22 SeedDMS versions 6.0.x through 6.0.15

Description: A Cross-Site Request Forgery (CSRF) issue exists, allowing a remote attacker to modify a document name without the victim's knowledge. This can be achieved by enticing an authenticated user to visit a malicious web page, which exploits the vulnerability in the /op/op.Ajax.php endpoint, specifically the document name editing functionality.

Recommendations: For SeedDMS versions 5.1.x through 5.1.22, update to version 5.1.23 or later. For SeedDMS versions 6.0.x through 6.0.15, update to version 6.0.16 or later.