Lucene search
RootSSV:61583HistoryFeb 27, 2014 - 12:00 a.m.
OpenDocMan 'ajax_udf.php'多个SQL注入漏洞
2014-02-2700:00:00
Root
www.seebug.org
27
0.005 Low
EPSS
Percentile
73.2%
Bugtraq ID:65775
CVE ID:CVE-2014-1945
OpenDocMan是一款开源基于WEB的文档管理系统。
对通过"add_value" GET参数和"table" GET提交给ajax_udf.php的输入缺少充分过滤,允许攻击者利用漏洞进行SQL注入攻击,可获得敏感数据库信息或控制应用系统。
0
OpenDocMan 1.2.7.1
厂商补丁:
OpenDocMan
OpenDocMan 1.2.7.2已经修复该漏洞,建议用户下载更新:
http://www.opendocman.com
http://[host]/ajax_udf.php?q=1&add_value=odm_user%20UNION%20SELECT%201,version%28%29,3,4,5,6,7,8,9
Related
openvas
openvas
OpenDocMan 'ajax_udf.php' Multiple SQL Injection Vulnerabilities
2014-03-11 00:00:00
prion
prion
Sql injection
2014-03-09 13:16:00
cvelist
cvelist
CVE-2014-1945
2014-03-07 20:00:00
zdt
zdt
OpenDocMan 1.2.7 - Multiple Vulnerabilities
2014-03-05 00:00:00
cve
cve
CVE-2014-1945
2014-03-09 13:16:00
htbridge
htbridge
Multiple Vulnerabilities in OpenDocMan
2014-02-12 00:00:00
securityvulns
securityvulns
Multiple Vulnerabilities in OpenDocMan
2014-05-04 00:00:00
exploitpack
exploitpack
OpenDocMan 1.2.7 - Multiple Vulnerabilities
2014-03-05 00:00:00
packetstorm
packetstorm
OpenDocMan 1.2.7 SQL Injection / Access Control
2014-03-06 00:00:00
exploitdb
exploitdb
OpenDocMan 1.2.7 - Multiple Vulnerabilities
2014-03-05 00:00:00