Opendocman : Security Vulnerabilities, CVEs,
An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution.
Max CVSS
9.8
EPSS Score
0.32%
Published
2022-03-18
Updated
2022-03-25
Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.
Max CVSS
4.3
EPSS Score
0.22%
Published
2015-09-07
Updated
2016-12-22
Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file.
Max CVSS
4.3
EPSS Score
0.14%
Published
2014-07-10
Updated
2014-07-11
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
6.8
EPSS Score
0.13%
Published
2014-03-09
Updated
2014-03-10
OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php.
Max CVSS
8.8
EPSS Score
0.98%
Published
2018-04-10
Updated
2019-04-26
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.
Max CVSS
7.5
EPSS Score
1.35%
Published
2014-03-09
Updated
2014-03-10
OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by User_Perms_class.php and certain other files.
Max CVSS
5.0
EPSS Score
0.31%
Published
2011-09-24
Updated
2017-08-29
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.10%
Published
2009-10-27
Updated
2009-10-28
Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php.
Max CVSS
4.3
EPSS Score
2.02%
Published
2009-10-26
Updated
2017-08-17
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter.
Max CVSS
7.5
EPSS Score
0.19%
Published
2009-10-26
Updated
2017-08-17
Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.
Max CVSS
4.3
EPSS Score
0.11%
Published
2008-06-20
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the last_message parameter.
Max CVSS
4.3
EPSS Score
1.28%
Published
2008-06-20
Updated
2018-10-11
SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows remote attackers to execute arbitrary SQL commands via the username parameter.
Max CVSS
7.5
EPSS Score
0.33%
Published
2006-11-03
Updated
2018-10-17
13 vulnerabilities found