Vulnerabilities > Opendocman > High

DATE CVE VULNERABILITY TITLE RISK
2022-03-18 CVE-2021-45834 Unrestricted Upload of File with Dangerous Type vulnerability in Opendocman 1.4.4
An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product's environment or lead to arbitrary code execution.
network
low complexity
opendocman CWE-434
7.5
7.5
2014-03-09 CVE-2014-1945 SQL Injection vulnerability in Opendocman
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.
network
low complexity
opendocman CWE-89
7.5
7.5
2009-10-27 CVE-2009-3801 SQL Injection vulnerability in Opendocman 1.2.5
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter.
network
low complexity
opendocman CWE-89
7.5
7.5
2009-10-26 CVE-2009-3788 SQL Injection vulnerability in Opendocman 1.2.5
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter.
network
low complexity
opendocman CWE-89
7.5
7.5
2006-11-03 CVE-2006-5655 SQL Injection vulnerability in Opendocman 1.2P3
SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows remote attackers to execute arbitrary SQL commands via the username parameter.
network
low complexity
opendocman
7.5
7.5