Lucene search

Opendocman Security Vulnerabilities

cve

CVE-2006-5655

SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows remote attackers to execute arbitrary SQL commands via the username parameter.

8.8AI Score

0.003EPSS

2006-11-03 12:07 AM

cve

CVE-2008-2787

Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the last_message parameter.

5.7AI Score

0.013EPSS

2008-06-20 11:48 AM

cve

CVE-2008-2788

Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.

5.7AI Score

0.001EPSS

2008-06-20 11:48 AM

cve

CVE-2009-3788

SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter.

8.3AI Score

0.002EPSS

2009-10-26 05:30 PM

cve

CVE-2009-3789

Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) dep...

5.8AI Score

0.02EPSS

2009-10-26 05:30 PM

cve

CVE-2009-3801

SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

8AI Score

0.001EPSS

2009-10-27 04:30 PM

cve

CVE-2011-3764

OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by User_Perms_class.php and certain other files.

6.3AI Score

0.003EPSS

2011-09-24 12:55 AM

cve

CVE-2014-1945

SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.

9AI Score

0.018EPSS

2014-03-09 01:16 PM

178

cve

CVE-2014-1946

OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php.

8.8CVSS

8.1AI Score

0.01EPSS

2018-04-10 03:29 PM

cve

CVE-2014-2317

SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information.

8.7AI Score

0.002EPSS

2014-03-09 01:16 PM

cve

CVE-2014-4853

Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file.

5.4AI Score

0.002EPSS

2014-07-10 04:55 PM

cve

CVE-2015-5625

Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.

5.9AI Score

0.002EPSS

2015-09-07 02:59 PM

cve

CVE-2021-45834

An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution.

9.8CVSS

9.7AI Score

0.004EPSS

2022-03-18 11:15 AM