Vulnerabilities > Opendocman

DATE CVE VULNERABILITY TITLE RISK
2022-03-18 CVE-2021-45834 Unrestricted Upload of File with Dangerous Type vulnerability in Opendocman 1.4.4
An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution.
network
low complexity
opendocman CWE-434
critical
9.8
2018-04-10 CVE-2014-1946 Permissions, Privileges, and Access Controls vulnerability in Opendocman
OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php.
network
low complexity
opendocman CWE-264
8.8