PT-2022-12344 · Seeddms · Seeddms

Published

2022-02-04

Updated

2022-02-09

CVE-2021-45408

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SeedDMS version 6.0.15

Description The issue allows remote malicious users to redirect users to malicious sites. This is achieved by exploiting the referuri parameter in the out.Login.php file.

Recommendations For SeedDMS version 6.0.15, consider restricting the use of the referuri parameter in the out.Login.php file until a patch is available. Avoid using the referuri parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2021-45408

Affected Products

Seeddms

PT-2022-12344 · Seeddms · Seeddms

CVE-2021-45408

Weakness Enumeration

Related Identifiers

Affected Products

References · 4