Skip to main content

Opendocman

5 CVEs product

Monthly

CVE-2021-45834 CRITICAL POC Act Now

An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Opendocman
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.2%
CVE-2015-5625 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Opendocman
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-4853 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Opendocman
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-2317 MEDIUM POC PATCH This Month

SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

PHP SQLi Opendocman
NVD Exploit-DB VulDB
CVSS 2.0
6.8
EPSS
0.6%
CVE-2014-1945 HIGH POC PATCH This Week

SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Opendocman
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
0.6%
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Opendocman
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Opendocman
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM POC PATCH This Month

SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

PHP SQLi Opendocman
NVD Exploit-DB VulDB
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Opendocman
NVD Exploit-DB VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy