) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:opendocman:opendocman:1.2.6.2:a:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2014-1946 |
OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php. Published: April 10, 2018; 11:29:00 AM -0400 |
V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2015-5625 |
Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter. Published: September 07, 2015; 10:59:02 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2014-4853 |
Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file. Published: July 10, 2014; 12:55:06 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2014-2317 |
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information. Published: March 09, 2014; 9:16:57 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2014-1945 |
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter. Published: March 09, 2014; 9:16:57 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |