Opendocman Security Vulnerabilities and Issues — Opendocman CVE List

Lucene search

OpendocmanOpendocman

13 matches found

CVE•added 2014/03/09 1:16 p.m.•204 views

CVE-2014-1945

SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.

7.5CVSS9AI score0.00323EPSS

CVE•added 2018/04/10 3:29 p.m.•74 views

CVE-2014-1946

OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php.

8.8CVSS8.1AI score0.00829EPSS

CVE•added 2022/03/18 11:15 a.m.•43 views

CVE-2021-45834

An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution.

9.8CVSS9.7AI score0.01284EPSS

CVE•added 2008/06/20 11:48 a.m.•37 views

CVE-2008-2788

Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.

4.3CVSS5.7AI score0.00263EPSS

CVE•added 2009/10/26 5:30 p.m.•37 views

CVE-2009-3789

Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) dep...

4.3CVSS5.8AI score0.03026EPSS

CVE•added 2009/10/27 4:30 p.m.•35 views

CVE-2009-3801

SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

7.5CVSS8AI score0.00366EPSS

CVE•added 2011/09/24 12:55 a.m.•34 views

CVE-2011-3764

OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by User_Perms_class.php and certain other files.

5CVSS6.3AI score0.00319EPSS

CVE•added 2014/07/10 4:55 p.m.•34 views

CVE-2014-4853

Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file.

4.3CVSS5.4AI score0.00256EPSS

Web

CVE•added 2008/06/20 11:48 a.m.•33 views

CVE-2008-2787

Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the last_message parameter.

4.3CVSS5.7AI score0.07297EPSS

CVE•added 2009/10/26 5:30 p.m.•32 views

CVE-2009-3788

SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter.

7.5CVSS8.3AI score0.00481EPSS

CVE•added 2014/03/09 1:16 p.m.•32 views

CVE-2014-2317

SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information.

6.8CVSS8.7AI score0.00445EPSS

CVE•added 2015/09/07 2:59 p.m.•31 views

CVE-2015-5625

Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.

4.3CVSS5.9AI score0.0035EPSS

CVE•added 2006/11/03 12:7 a.m.•27 views

CVE-2006-5655

SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5CVSS8.8AI score0.00484EPSS