CVE-2019-12744 PoC: SeedDMS Code Issue Vulnerability

Associated Vulnerability
Title: SeedDMS Code Issue Vulnerability (CVE-2019-12744)
Description: SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940.
Description
Remote Command Execution through Unvalidated File Upload in SeedDMS versions <5.1.11
Readme
# CVE-2019-12744
 
## Information
Exploit Title: Remote Command Execution through Unvalidated File Upload in SeedDMS versions < 5.1.11 <br>
CVE: CVE-2019-12744 <br>

Vendor Homepage: https://www.seeddms.org/index.php?id=2 <br>
Exploit Author: NobodyAtall <br>
Tested version: SeedDMS 5.1.10, 5.0.11 <br>
Tested OS: Windows 7 x64

## Medium Article
https://bryanleong98.medium.com/cve-2019-12744-remote-command-execution-through-unvalidated-file-upload-in-seeddms-versions-5-1-1-5c32d90fda28

## PoC Images
![](pocImg/1.png)

![](pocImg/2.png)

## Help Menu
```
usage: CVE-2019-12744.py [-h] -u USERNAME -p PASSWORD --url URL

optional arguments:
  -h, --help            show this help message and exit
  -u USERNAME, --username USERNAME
                        login username
  -p PASSWORD, --password PASSWORD
                        login password
  --url URL             target URL Path
```

File Snapshot

```
[4.0K] /data/pocs/9c7677036340a9844c8a015b9d8e66fe6f116ec0
├── [8.2K] CVE-2019-12744.py
├── [ 162] phpCmdInjection.php
├── [4.0K] pocImg
│   ├── [ 57K] 1.png
│   └── [ 91K] 2.png
└── [ 895] README.md

1 directory, 5 files
```