Opendocman@* Security Vulnerabilities and Issues — Opendocman@* CVE List

Lucene search

OpendocmanOpendocman*

5 matches found

CVE•added 2014/03/09 1:16 p.m.•203 views

CVE-2014-1945

SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.

7.5CVSS9AI score0.00411EPSS

CVE•added 2018/04/10 3:29 p.m.•73 views

CVE-2014-1946

OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php.

8.8CVSS8.1AI score0.00829EPSS

CVE•added 2014/07/10 4:55 p.m.•32 views

CVE-2014-4853

Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file.

4.3CVSS5.4AI score0.00256EPSS

CVE•added 2014/03/09 1:16 p.m.•31 views

CVE-2014-2317

SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information.

6.8CVSS8.7AI score0.00445EPSS

CVE•added 2015/09/07 2:59 p.m.•29 views

CVE-2015-5625

Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.

4.3CVSS5.9AI score0.0035EPSS