Vulnerabilities > Opendocman
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-18 | CVE-2021-45834 | Unrestricted Upload of File with Dangerous Type vulnerability in Opendocman 1.4.4 An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution. | 9.8 |
2018-04-10 | CVE-2014-1946 | Permissions, Privileges, and Access Controls vulnerability in Opendocman OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php. | 8.8 |