PT-2023-12199 · Seeddms · Seeddms
Published
2023-06-07
·
Updated
2023-06-15
·
CVE-2021-33223
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SeedDMS version 6.0.15
Description
An issue in SeedDMS allows an attacker to escalate privileges via the
userid and role parameters in the out.UsrMgr.php file.Recommendations
For SeedDMS version 6.0.15, consider restricting access to the out.UsrMgr.php file until a patch is available. As a temporary workaround, avoid using the
userid and role parameters in the affected file to minimize the risk of exploitation.Exploit
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Seeddms