SeedDMS version 5.1.22 (and some adjacent versions) contained an authenticated Remote Code Execution (RCE) vulnerability, primarily stemming from insecure file upload functionality. An attacker with valid document management system credentials could upload a malicious PHP file disguised as a regular document and then trigger its execution to take over the server.
