53 matches found
CVE-2025-10253 openDCIM SVG File uploadifive.php cross site scripting
A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be launched remotely. The exploit has been...
CVE-2025-10253
CVE-2025-10253 affects openDCIM 23.04; the vulnerable component is the SVG File Handler’s /scripts/uploadifive.php, where manipulation of the Filedata argument enables cross-site scripting. The issue is triggered remotely via user-controlled input, with exploit maturity noted as a proof-of-concep...
PT-2025-37185
A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be launched remotely. The exploit has been...
openDCIM Security Vulnerability
openDCIM is an open-source data center inventory management (DCIM) application. openDCIM version 23.04 has a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data in the Filedata parameter of the file /scripts/uploadifive.php...
Vulnerability in the `people_depts` function in the `people_depts.php` file of the openDCIM infrastructure management software that allows an attacker to execute arbitrary code.
The vulnerability in the people_depts function in the people_depts.php file of the openDCIM software for managing data infrastructure stems from a lack of measures to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2025-48701
openDCIM through 23.04 allows SQL injection in people_depts.php because prepared statements are not used...
openDCIM SQL Injection Vulnerability
openDCIM is an open-source data center inventory management (DCIM) application. A SQL injection vulnerability exists in openDCIM version 23.04 and earlier; it stems from prepared statements not being used and could lead to SQL injection...
CVE-2025-48701
The CVE-2025-48701 entry corresponds to openDCIM before version 23.05, with a SQL injection in the people_depts.php path caused by not using prepared statements. Affected software: openDCIM 23.04 and earlier. Root cause: lack of prepared statements in a query in people_depts.php. Impact: potentia...
PT-2025-22577 · Opendcim · Opendcim
Name of the Vulnerable Software and Affected Versions: openDCIM versions prior to 23.05. Description: The issue allows SQL injection in people_depts.php because prepared statements are not used. This could potentially lead to unauthorized access or manipulation of data. Recommendations: For openDC...