Summary
OpenDocMan is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Impact
An attacker can exploit these issues by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
Solution
Updates are available. Please see the references or vendor advisory for more information.
Insight
The vulnerability exists due to insufficient validation of the "add_value" HTTP GET parameter in "/ajax_udf.php".
Affected
OpenDocMan 1.2.7.1 is vulnerable; other versions may also be affected.
Detection
Try to inject SQL code.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-1945
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P