Document Management System
Monthly
SQL injection in itsourcecode Document Management System 1.0 via the Username parameter in /register.php allows unauthenticated remote attackers to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems face potential data theft, modification, and denial of service through successful exploitation.
SQL injection in itsourcecode Document Management System 1.0 login functionality allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires only network access with no user interaction, enabling attackers to potentially read, modify, or delete sensitive data within the application.
SQL injection in itsourcecode Document Management System 1.0 via the field1 parameter in /edtlbls.php enables unauthenticated remote attackers to compromise data confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network with minimal complexity.
Document Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
Document Management System versions up to 600 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).
Unauthenticated attackers can manipulate unvalidated URL parameters in S4core, Document Management System, and ERP applications to redirect users to malicious websites, potentially compromising user credentials or distributing malware. The vulnerability requires user interaction to exploit and has limited impact on confidentiality and integrity, with no availability impact. No patch is currently available.
code-projects Document Management System 1.0 has a Cross Site Scripting (XSS) vulnerability, where attackers can leak admin's cookie information by entering malicious XSS code in the Company field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability was found in code-projects Document Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQL injection in itsourcecode Document Management System 1.0 via the Username parameter in /register.php allows unauthenticated remote attackers to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems face potential data theft, modification, and denial of service through successful exploitation.
SQL injection in itsourcecode Document Management System 1.0 login functionality allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires only network access with no user interaction, enabling attackers to potentially read, modify, or delete sensitive data within the application.
SQL injection in itsourcecode Document Management System 1.0 via the field1 parameter in /edtlbls.php enables unauthenticated remote attackers to compromise data confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network with minimal complexity.
Document Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
Document Management System versions up to 600 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).
Unauthenticated attackers can manipulate unvalidated URL parameters in S4core, Document Management System, and ERP applications to redirect users to malicious websites, potentially compromising user credentials or distributing malware. The vulnerability requires user interaction to exploit and has limited impact on confidentiality and integrity, with no availability impact. No patch is currently available.
code-projects Document Management System 1.0 has a Cross Site Scripting (XSS) vulnerability, where attackers can leak admin's cookie information by entering malicious XSS code in the Company field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability was found in code-projects Document Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.