Skip to content

nobodyatall648/CVE-2019-12744

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits

pocImg

pocImg

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

CVE-2019-12744.py

CVE-2019-12744.py

 
 

README.md

README.md

 
 

phpCmdInjection.php

phpCmdInjection.php

 
 

Repository files navigation

CVE-2019-12744

Information

Exploit Title: Remote Command Execution through Unvalidated File Upload in SeedDMS versions < 5.1.11
CVE: CVE-2019-12744

Vendor Homepage: https://www.seeddms.org/index.php?id=2
Exploit Author: NobodyAtall
Tested version: Seeddms 5.1.10, 5.0.11
Tested OS: Windows 7 x64

Medium Article

https://bryanleong98.medium.com/cve-2019-12744-remote-command-execution-through-unvalidated-file-upload-in-seeddms-versions-5-1-1-5c32d90fda28

PoC Images

Help Menu

usage: CVE-2019-12744.py [-h] -u USERNAME -p PASSWORD --url URL

optional arguments:
  -h, --help            show this help message and exit
  -u USERNAME, --username USERNAME
                        login username
  -p PASSWORD, --password PASSWORD
                        login password
  --url URL             target URL Path

About

Remote Command Execution through Unvalidated File Upload in SeedDMS versions <5.1.11

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages