CVE-2019-25684 OpenDocMan 1.3.4 SQL Injection via where Parameter

OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitiv...

Opendocman HTML Injection Vulnerability

OpenDocMan is a versatile Web-based document management system DMS written in PHP and designed to follow the ISO 17025/IEC standard. OpenDocMan suffers from an HTML injection vulnerability due to the setting of filters to filter user input. An attacker may perform elevation of privilege or...