Vulnerabilities > Openkm > Openkm > 5.1.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-13 | CVE-2022-3969 | Insecure Temporary File vulnerability in Openkm A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. | 5.5 |
2019-04-22 | CVE-2019-11445 | Unrestricted Upload of File with Dangerous Type vulnerability in Openkm OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. | 9.0 |
2012-09-09 | CVE-2012-2316 | Cross-Site Request Forgery (CSRF) vulnerability in Openkm 5.1.7/5.1.8 Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to admin/scripting.jsp. | 6.8 |
2012-09-09 | CVE-2012-2315 | Permissions, Privileges, and Access Controls vulnerability in Openkm 5.1.7/5.1.8 admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action. | 4.0 |