Filtered by vendor Opendocman Subscriptions
Filtered by product Opendocman Subscriptions
Total 13 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2009-3801 1 Opendocman 1 Opendocman 2022-10-03 N/A
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2014-2317 1 Opendocman 1 Opendocman 2022-10-03 N/A
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information.
CVE-2014-4853 1 Opendocman 1 Opendocman 2022-10-03 N/A
Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file.
CVE-2008-2788 1 Opendocman 1 Opendocman 2022-10-03 N/A
Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.
CVE-2021-45834 1 Opendocman 1 Opendocman 2022-03-25 9.8 Critical
An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution.
CVE-2014-1946 1 Opendocman 1 Opendocman 2019-04-26 N/A
OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php.
CVE-2006-5655 1 Opendocman 1 Opendocman 2018-10-17 N/A
SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2008-2787 1 Opendocman 1 Opendocman 2018-10-11 N/A
Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the last_message parameter.
CVE-2011-3764 1 Opendocman 1 Opendocman 2017-08-29 N/A
OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by User_Perms_class.php and certain other files.
CVE-2009-3789 1 Opendocman 1 Opendocman 2017-08-17 N/A
Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php.
CVE-2009-3788 1 Opendocman 1 Opendocman 2017-08-17 N/A
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter.
CVE-2015-5625 1 Opendocman 1 Opendocman 2016-12-22 N/A
Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.
CVE-2014-1945 1 Opendocman 1 Opendocman 2014-03-10 N/A
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.