Lucene search
K

211 matches found

NVD
NVD
added 4 days ago8 views

CVE-2026-41878

R-SOFT DMS is vulnerable to Insecure Direct Object Reference IDOR attack in multiple file download endpoints. The application fetches files from the database by ID and serves them to whoever requests them, relying only on session authentication, meaning any valid user can access any file. This...

7.1CVSS0.0047EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-41877 Stored XSS in R-SOFT DMS

R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file being uploaded, which will be executed when visiting file list or upload status by other users. This issue was fixed in version v3.19-2832 and...

5.1CVSS0.0039EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/21 6:31 p.m.4 views

EUVD-2019-19903

ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the...

8.8CVSS6.2AI score0.00324EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/02/26 4:16 a.m.17 views

CVE-2026-3133

A vulnerability has been found in itsourcecode Document Management System 1.0. This issue affects some unknown processing of the file /loging.php of the component Login. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit ha...

9.8CVSS5.2AI score0.00393EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/25 6:31 a.m.9 views

EUVD-2026-8509

A vulnerability has been found in itsourcecode Document Management System 1.0. Impacted is an unknown function of the file /register.php. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public a...

9.8CVSS5.4AI score0.00399EPSS
Exploits1References6
NVD
NVD
added 2026/02/25 6:16 a.m.9 views

CVE-2026-3153

A vulnerability has been found in itsourcecode Document Management System 1.0. Impacted is an unknown function of the file /register.php. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public a...

9.8CVSS0.00399EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/25 5:32 a.m.8 views

CVE-2026-3153

A vulnerability has been found in itsourcecode Document Management System 1.0. Impacted is an unknown function of the file /register.php. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public a...

9.8CVSS5.4AI score0.00399EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/25 5:32 a.m.5 views

CVE-2026-3153 itsourcecode Document Management System register.php sql injection

A vulnerability has been found in itsourcecode Document Management System 1.0. Impacted is an unknown function of the file /register.php. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public a...

7.5CVSS5.4AI score0.00399EPSS
Exploits1References5
CVE
CVE
added 2026/02/25 5:32 a.m.19 views

CVE-2026-3153

The CVE-2026-3153 entry concerns itsourcecode Document Management System 1.0. A vulnerability in the /register.php file allows manipulation of the Username parameter to perform a SQL injection, with remote exploitation indicated. Multiple connected sources (Red Hat, EU vulnerability catalogs, CVE...

9.8CVSS5.4AI score0.00399EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/25 4:6 a.m.10 views

CVE-2026-3068

A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

9.8CVSS5.5AI score0.00333EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/25 4:6 a.m.10 views

CVE-2026-3069

A security vulnerability has been detected in itsourcecode Document Management System 1.0. Affected is an unknown function of the file /edtlbls.php. The manipulation of the argument field1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and ma...

9.8CVSS5.4AI score0.00333EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/25 12:31 a.m.7 views

EUVD-2026-8573

A vulnerability has been found in itsourcecode Document Management System 1.0. This issue affects some unknown processing of the file /loging.php of the component Login. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit ha...

9.8CVSS5.2AI score0.00393EPSS
Exploits1References6
OSV
OSV
added 2026/02/25 12:16 a.m.12 views

CVE-2026-3133

A vulnerability has been found in itsourcecode Document Management System 1.0. This issue affects some unknown processing of the file /loging.php of the component Login. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit ha...

9.8CVSS5.6AI score0.00393EPSS
Exploits1References5
NVD
NVD
added 2026/02/25 12:16 a.m.18 views

CVE-2026-3133

A vulnerability has been found in itsourcecode Document Management System 1.0. This issue affects some unknown processing of the file /loging.php of the component Login. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit ha...

9.8CVSS0.00393EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.9 views

itsourcecode Document Management System SQL注入漏洞

itsourcecode Document Management System is an open-source document management system developed by itsourcecode. Version 1.0 of the itsourcecode Document Management System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters in the login component,...

9.8CVSS7.2AI score0.00393EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/24 11:32 p.m.7 views

CVE-2026-3133

A vulnerability has been found in itsourcecode Document Management System 1.0. This issue affects some unknown processing of the file /loging.php of the component Login. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit ha...

9.8CVSS5.2AI score0.00393EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/02/24 11:32 p.m.23 views

CVE-2026-3133

CVE-2026-3133 affects itsourcecode Document Management System 1.0. The vulnerability arises in the Login component’s /loging.php when processing the Username argument, allowing a SQL injection. Exploitation is remote and has been disclosed publicly. Multiple sources (NVD, Red Hat, EUVD, CIRCL, CV...

9.8CVSS5.2AI score0.00393EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/02/24 5:17 a.m.8 views

CVE-2026-3069

A security vulnerability has been detected in itsourcecode Document Management System 1.0. Affected is an unknown function of the file /edtlbls.php. The manipulation of the argument field1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and ma...

9.8CVSS0.00333EPSS
Exploits1References5
OSV
OSV
added 2026/02/24 5:17 a.m.3 views

CVE-2026-3069

A security vulnerability has been detected in itsourcecode Document Management System 1.0. Affected is an unknown function of the file /edtlbls.php. The manipulation of the argument field1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and ma...

9.8CVSS5.8AI score0.00333EPSS
Exploits1References5
NVD
NVD
added 2026/02/24 4:15 a.m.10 views

CVE-2026-3068

A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

9.8CVSS0.00333EPSS
Exploits1References5
Rows per page
Query Builder