CVE-2026-41917 OpenKM 6.3.12 Local File Inclusion via Admin Scripting

OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with action=Load. Attackers c...

OpenKM SQL注入漏洞

OpenKM is a document management system developed by OpenKM Company in Spain. This system offers features such as version control, file history, and file sharing. Version OpenKM 6.3.12 has a SQL injection vulnerability; this vulnerability stems from an unlimited SQL execution flaw, which could all...

CVE-2021-33950

An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function...

EUVD-2008-2223

Malware in sbrugna...

EUVD-2012-2309

Malware in sbrugna...

EUVD-2014-8784

Malware in sbrugna...

EUVD-2023-54902

Malicious code in bioql PyPI...

EUVD-2022-43301

Malicious code in bioql PyPI...

EUVD-2022-43608

Malicious code in bioql PyPI...

EUVD-2022-34416

Malicious code in bioql PyPI...

CVE-2022-40317

OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element...

CVE-2022-3969

A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this...

CVE-2012-2316

Cross-site request forgery CSRF vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to admin/scripting.jsp...

CVE-2019-11445

OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repositoryexport.jsp. This is achieved by interfering with the Filesystem path control in the admin's...

OpenKM 代码问题漏洞

OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, document history and file sharing. A security vulnerability exists in OpenKM version v6.3.10, which originated from a vulnerability that allows an attacker to obtain sensitive informati...

CVE-2021-33950

An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function...

CVE-2022-3969 OpenKM FileUtils.java getFileExtension temp file

A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this...

OpenKM 安全漏洞

OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, file history and file sharing. A security vulnerability exists in OpenKM versions prior to 6.3.11, which originates from an unknown function getFileExtension in the...

OpenKM Cross-Site Scripting Vulnerability (CNVD-2017-30870)

OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, document history and file sharing. A cross-site scripting vulnerability exists in versions of OpenKM prior to 6.4.19. A remote attacker can exploit this vulnerability to inject arbitrar...