Vulnerabilities > Opendocman > Opendocman > 1.2.5

DATE CVE VULNERABILITY TITLE RISK
2009-10-27 CVE-2009-3801 SQL Injection vulnerability in Opendocman 1.2.5
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter.
network
low complexity
opendocman CWE-89
7.5
7.5
2009-10-26 CVE-2009-3789 Cross-Site Scripting vulnerability in Opendocman 1.2.5
Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php.
network
opendocman CWE-79
4.3
4.3
2009-10-26 CVE-2009-3788 SQL Injection vulnerability in Opendocman 1.2.5
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter.
network
low complexity
opendocman CWE-89
7.5
7.5
2008-06-20 CVE-2008-2788 Cross-Site Scripting vulnerability in Opendocman 1.2.5
Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.
network
opendocman CWE-79
4.3
4.3
2008-06-20 CVE-2008-2787 Cross-Site Scripting vulnerability in Opendocman 1.2.5
Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the last_message parameter.
network
opendocman CWE-79
4.3
4.3