Unrated severityNVD Advisory· Published Oct 17, 2014· Updated May 6, 2026

CVE-2014-2279

Description

Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary files via a .. (dot dot) in the logname parameter to out/out.LogManagement.php or (2) remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to op/op.AddFile2.php. NOTE: vector 2 can be leveraged to execute arbitrary code by using CVE-2014-2278.

Affected products

Seeddms/Seeddms
cpe:2.3:a:seeddms:seeddms:*:*:*:*:*:*:*:*
Range: <=4.3.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOGnvdVendor Advisory
archives.neohapsis.com/archives/bugtraq/2014-03/0101.htmlnvd
osvdb.org/show/osvdb/104466nvd
packetstormsecurity.com/files/125726nvd
www.securityfocus.com/bid/66256nvd
exchange.xforce.ibmcloud.com/vulnerabilities/91831nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000