Opendocman

13 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.

Exploit
  • EPSS 1.35%
  • Published 18.03.2022 11:15:07
  • Last modified 21.11.2024 06:33:07

An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution.

Exploit
  • EPSS 0.79%
  • Published 10.04.2018 15:29:00
  • Last modified 21.11.2024 02:05:19

OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php.

  • EPSS 0.35%
  • Published 07.09.2015 14:59:02
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.

  • EPSS 0.26%
  • Published 10.07.2014 16:55:06
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file.

Exploit
  • EPSS 0.28%
  • Published 09.03.2014 13:16:57
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.

  • EPSS 0.38%
  • Published 09.03.2014 13:16:57
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information.

Exploit
  • EPSS 0.32%
  • Published 24.09.2011 00:55:01
  • Last modified 11.04.2025 00:51:21

OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by User_Perms_class.php and certain other files.

  • EPSS 0.37%
  • Published 27.10.2009 16:30:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this information is unknown; the details are obtained solely fro...

Exploit
  • EPSS 0.48%
  • Published 26.10.2009 17:30:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter.

Exploit
  • EPSS 2.6%
  • Published 26.10.2009 17:30:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INF...