Vulnerabilities > Opendocman > Opendocman > 1.2.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-10-27 | CVE-2009-3801 | SQL Injection vulnerability in Opendocman 1.2.5 SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. | 7.5 |
2009-10-26 | CVE-2009-3789 | Cross-Site Scripting vulnerability in Opendocman 1.2.5 Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php. | 4.3 |
2009-10-26 | CVE-2009-3788 | SQL Injection vulnerability in Opendocman 1.2.5 SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter. | 7.5 |
2008-06-20 | CVE-2008-2788 | Cross-Site Scripting vulnerability in Opendocman 1.2.5 Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter. | 4.3 |
2008-06-20 | CVE-2008-2787 | Cross-Site Scripting vulnerability in Opendocman 1.2.5 Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the last_message parameter. | 4.3 |