CVE-2023-47261 Information

Description

Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync //gettingstarted request contains a connection string for privileged SQL Server database access and xp_cmdshell can be enabled.

Reference

https://www.dokmee.com/Support-Learn/Updates-Change-Log https://h3x0s3.github.io/CVE2023~47261/