4 matches found
CVE-2019-25684
OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitiv...
CVE-2019-25684
OpenDocMan 1.3.4 is vulnerable to an SQL injection via the where parameter in the search.php endpoint. The issue arises from unsafely constructed SQL queries that allow unauthenticated attackers to manipulate database queries and potentially extract sensitive information. Documented impact includ...
OpenDocMan 1.3.4 - Cross-Site Request Forgery
OpenDocMan 1.3.4 - Cross-Site Request Forgery Security Advisory - Curesec Research Team 1. Introduction Affected Product: Opendocman 1.3.4 Fixed in: 1.3.5 Fixed Version Link: http://www.opendocman.com/free-download/ Vendor Website: http://www.opendocman.com/ Vulnerability Type: CSRF Remote...
Opendocman 1.3.4 HTML Injection
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Opendocman 1.3.4 Fixed in: 1.3.5 Fixed Version Link: http://www.opendocman.com/free-download/ Vendor Website: http://www.opendocman.com/ Vulnerability Type: HTML Injection Remote Exploitable: Yes Reported to vendor:...