CVE Tools

opendocman

Enterprise Softwareoss-project

10

Cumulative CVEs

6

Monthly snapshots

#29

Peak rank

Top products

Latest CVEs

The 14 most recently published vulnerabilities affecting opendocman.

CVE-2019-25684OpenDocMan 1.3.4 SQL Injection via where Parameter8.2Apr 5, 2026
CVE-2021-45834An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or le...9.8Mar 18, 2022
CVE-2014-1946OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to th...8.8Apr 10, 2018
CVE-2015-5625Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.4.3Sep 7, 2015
CVE-2014-4853Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file.4.3Jul 10, 2014
CVE-2014-2317SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained...6.8Mar 7, 2014
CVE-2014-1945SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.7.5Mar 7, 2014
CVE-2011-3764OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated...5.0Sep 24, 2011
CVE-2009-3801SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this inform...7.5Oct 27, 2009
CVE-2009-3789Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublishe...4.3Oct 26, 2009
CVE-2009-3788SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter.7.5Oct 26, 2009
CVE-2008-2788Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.4.3Jun 20, 2008
CVE-2008-2787Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the last_message parameter.4.3Jun 20, 2008
CVE-2006-5655SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows remote attackers to execute arbitrary SQL commands via the username parameter.7.5Nov 3, 2006