PT-2021-21283 · Seeddms · Seeddms
Published
2021-08-03
·
Updated
2021-08-10
·
CVE-2021-36542
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SeedDMS versions 5.1.x through 5.1.22
SeedDMS versions 6.0.x through 6.0.15
Description
A Cross-Site Request Forgery (CSRF) issue exists, allowing a remote attacker to lock any document without the victim's knowledge. This can be achieved by enticing an authenticated user to visit an attacker's web page, exploiting the
/op/op.LockDocument.php endpoint.Recommendations
For SeedDMS versions 5.1.x through 5.1.22, update to version 5.1.23 or later.
For SeedDMS versions 6.0.x through 6.0.15, update to version 6.0.16 or later.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Seeddms