Once uploaded, SeedDMS assigns a document ID to the file. Depending on the configuration, uploaded documents are either stored in a dedicated data directory or accessible via specific application paths, such as:
CVE‑2022‑28478
SeedDMS 5.1.x is considered "old stable" but has been actively maintained. Users should ensure they are on the latest sub-minor version to get all security fixes merged.
SeedDMS failed to strictly enforce file type restrictions on the "Add Document" functionality.
SeedDMS is a popular open-source enterprise document management system (DMS) used by organizations to store, share, and track electronic documents. While robust, specific versions—most notably —have been identified as vulnerable to critical security flaws.
SeedDMS is a popular open-source document management system, frequently deployed by small to medium-sized enterprises for its simplicity and robust feature set. However, version —released in early 2021—contains critical security flaws that have since become prime targets for penetration testers and malicious actors alike.
If the response is delayed by 5 seconds, the vulnerability exists.
The vulnerabilities in SeedDMS 5.1 highlight the critical importance of keeping self-hosted, open-source software updated. While the CVE-2019-12744 exploit targets older versions (pre-5.1.11), active maintenance and patching of SeedDMS 5.1.22 are essential to prevent exploitation by similar methods. By following security best practices—upgrading, restricting uploads, and monitoring access—administrators can secure their document management systems effectively.
While CVE-2019-12744 specifically affects SeedDMS versions before 5.1.11, it provides important context for understanding the version 5.1.22 landscape. This vulnerability allowed unvalidated file upload of PHP scripts, leading to Remote Command Execution. Multiple proof-of-concept exploits are available online, demonstrating the severe impact this vulnerability can have, including complete system compromise.
curl "http://192.168.1.100/seeddms51/data/1000/1/1/evil.php?cmd=id"
The attacker first obtains valid credentials (e.g., via brute force or by finding exposed credentials in database files).
sqlmap -u "http://target/seeddms51/op/op.RemoveDocument.php?documentid=1" \
  --technique=T --dbms=mysql --level=3 --risk=2 \
  -D seeddms_db -T tblUsers -C login,passwd --dump
Apply the principle of least privilege to user accounts and system permissions. Regular users should not have administrative capabilities, and web server processes should run with minimal system privileges.
find /var/www/seeddms/data -type f -size -10k -exec grep -l "eval\|system\|base64_decode" {} \;
The core flaw in SeedDMS 5.1.22 lies in insufficient input validation and improper file upload restrictions. The application allows authenticated users to upload documents, but fails to properly sanitize or restrict the file extensions during the upload process.