CVE-2014-2278

CVE-2014-2278 · MEDIUM Severity

AV:N/AC:H/AU:N/C:P/I:P/A:P

Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the partitionIndex parameter and leveraging CVE-2014-2279.2 to access it via the directory specified by the fileId parameter.

Learn more about our Web Application Penetration Testing UK.