
Open Business Management Security Vulnerabilities


CVE-2006-3009

Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to inject arbitrary HTML or web script via the (1) tf_lang, (2) tf_name, (3) tf_user, (4) tf_lastname, (5) tf_contact, (6) tf_datebefore, and (7) tf_dateafter parameters to files s...

6.1 AI Score

0.012 EPSS

2006-06-13 10:02 PM

CVE-2006-3010

Multiple SQL injection vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to execute arbitrary SQL commands via the (1) new_order and (2) order_dir parameters to (a) index.php, (b) group/group_index.php, (c) user/user_index.php, (d) list/list_index.php, and (e) compa...

8.9 AI Score

0.011 EPSS

2006-06-13 10:02 PM

CVE-2007-2316

Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser."

6.6 AI Score

0.016 EPSS

2007-04-26 09:19 PM

CVE-2011-5141

Directory traversal vulnerability in exportcsv/exportcsv_index.php in Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the module parameter in an export_page action.

6.9 AI Score

0.004 EPSS

2012-08-31 09:55 PM

CVE-2011-5142

Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_delegation, (2) tf_ip, or (3) tf_name parameter in a search action to host/host_index.php; (4) login par...

5.9 AI Score

0.004 EPSS

2012-08-31 09:55 PM

CVE-2011-5143

Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.3.20 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_name, (2) tf_delegation, and (3) tf_ip parameters to index.php. NOTE: the provenance of this information is ...

5.7 AI Score

0.001 EPSS

2022-10-03 04:15 PM

CVE-2011-5144

Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function.

6.5 AI Score

0.005 EPSS

2012-08-31 09:55 PM

CVE-2011-5145

Multiple SQL injection vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sel_domain_id or (2) action parameter to obm.php; (3) tf_user parameter in a search action to group/group_index.php...

8.3 AI Score

0.005 EPSS

2012-08-31 09:55 PM