CVE-2019-12744

Information

Exploit Title: Remote Command Execution through Unvalidated File Upload in SeedDMS versions < 5.1.11
CVE: CVE-2019-12744

Vendor Homepage: https://www.seeddms.org/index.php?id=2
Exploit Author: NobodyAtall
Tested version: Seeddms 5.1.10, 5.0.11
Tested OS: Windows 7 x64

Medium Article

https://bryanleong98.medium.com/cve-2019-12744-remote-command-execution-through-unvalidated-file-upload-in-seeddms-versions-5-1-1-5c32d90fda28

PoC Images

Help Menu

usage: CVE-2019-12744.py [-h] -u USERNAME -p PASSWORD --url URL

optional arguments:
  -h, --help            show this help message and exit
  -u USERNAME, --username USERNAME
                        login username
  -p PASSWORD, --password PASSWORD
                        login password
  --url URL             target URL Path

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
pocImg		pocImg
.gitattributes		.gitattributes
.gitignore		.gitignore
CVE-2019-12744.py		CVE-2019-12744.py
README.md		README.md
phpCmdInjection.php		phpCmdInjection.php

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2019-12744

Information

Medium Article

PoC Images

Help Menu

About

Releases

Packages

Languages

nobodyatall648/CVE-2019-12744

Folders and files

Latest commit

History

Repository files navigation

CVE-2019-12744

Information

Medium Article

PoC Images

Help Menu

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages