CVE-2022-28478 - OpenCVE

SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Seeddms	Seeddms

Configuration 1 [-]

OR	cpe:2.3:a:seeddms:seeddms:5.1.24:::::::*
	cpe:2.3:a:seeddms:seeddms:6.0.17:::::::*

References

Link	Resource
https://github.com/looCiprian/Responsible-Vulnerability-Disclosure/tree/main/CVE-2022-28478	Exploit Patch Third Party Advisory
https://sourceforge.net/p/seeddms/code/ci/d68c922152e8a8060dd7fc3ebdd7af685e270e36/	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-06-06T22:17:28

Updated: 2022-06-06T22:17:28

Reserved: 2022-04-04T00:00:00

Link: CVE-2022-28478

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-06-06T23:15:08.167

Modified: 2022-06-14T16:15:19.083

Link: CVE-2022-28478

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The \"Remove file\" functionality inside the \"Log files management\" menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-06-06T22:17:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/p/seeddms/code/ci/d68c922152e8a8060dd7fc3ebdd7af685e270e36/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/looCiprian/Responsible-Vulnerability-Disclosure/tree/main/CVE-2022-28478"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-28478", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The \"Remove file\" functionality inside the \"Log files management\" menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://sourceforge.net/p/seeddms/code/ci/d68c922152e8a8060dd7fc3ebdd7af685e270e36/", "refsource": "MISC", "url": "https://sourceforge.net/p/seeddms/code/ci/d68c922152e8a8060dd7fc3ebdd7af685e270e36/"}, {"name": "https://github.com/looCiprian/Responsible-Vulnerability-Disclosure/tree/main/CVE-2022-28478", "refsource": "MISC", "url": "https://github.com/looCiprian/Responsible-Vulnerability-Disclosure/tree/main/CVE-2022-28478"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-28478", "datePublished": "2022-06-06T22:17:28", "dateReserved": "2022-04-04T00:00:00", "dateUpdated": "2022-06-06T22:17:28", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:seeddms:seeddms:5.1.24:*:*:*:*:*:*:*", "matchCriteriaId": "B55E788C-44FB-43EE-B20B-7E4410C0A56E", "vulnerable": true}, {"criteria": "cpe:2.3:a:seeddms:seeddms:6.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "54859E66-8CDB-4DC6-B5BA-13DCBC4FDD83", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The \"Remove file\" functionality inside the \"Log files management\" menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system."}, {"lang": "es", "value": "SeedDMS versiones 6.0.17 y 5.1.24, son vulnerables a un Salto de Directorio. La funcionalidad \"Remove file\" dentro del men\u00fa \"Log files management\" no sanea la entrada del usuario, lo que permite a atacantes con privilegios de administrador eliminar archivos arbitrarios en el sistema remoto"}], "id": "CVE-2022-28478", "lastModified": "2022-06-14T16:15:19.083", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-06T23:15:08.167", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/looCiprian/Responsible-Vulnerability-Disclosure/tree/main/CVE-2022-28478"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://sourceforge.net/p/seeddms/code/ci/d68c922152e8a8060dd7fc3ebdd7af685e270e36/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}