Summary
OpenDocMan is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Impact
An attacker can exploit these issues by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
Solution
Updates are available. Please see the references or vendor advisory for more information.
Insight
The vulnerability exists due to insufficient validation of the "add_value" HTTP GET parameter in "/ajax_udf.php".
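As an added illustration of the mitigation (this is not OpenDocMan's code, and the table name user_defined_fields, the column field_value and the helper name add_udf_value are assumptions), the pattern below shows a GET parameter such as "add_value" being validated and then bound to a prepared statement, so the value is handled as data rather than becoming part of the SQL text:

```php
<?php
// Added example: hardened handling of a GET parameter before it reaches SQL.
// Illustrative only; not OpenDocMan's code. Table/column names are assumptions.

function add_udf_value(PDO $db, array $get): int
{
    // Reject input that is missing or not the expected shape before touching the database.
    if (!isset($get['add_value']) || !is_string($get['add_value'])) {
        throw new InvalidArgumentException('add_value is required');
    }
    $value = $get['add_value'];
    if (strlen($value) === 0 || strlen($value) > 255) {
        throw new InvalidArgumentException('add_value has an invalid length');
    }

    // Parameterized statement: the value is bound, never spliced into the query string.
    $stmt = $db->prepare('INSERT INTO user_defined_fields (field_value) VALUES (:v)');
    $stmt->bindValue(':v', $value, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

// Unsafe pattern of the kind the advisory describes (shown for contrast only):
// $db->query("INSERT INTO user_defined_fields (field_value) VALUES ('" . $_GET['add_value'] . "')");

// Self-contained demo against an in-memory SQLite database (constructed input).
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // use real server-side parameter binding
]);
$db->exec('CREATE TABLE user_defined_fields (id INTEGER PRIMARY KEY, field_value TEXT NOT NULL)');

$id = add_udf_value($db, ['add_value' => "O'Brien"]); // a quote in the input is stored literally
$row = $db->query('SELECT field_value FROM user_defined_fields')->fetch(PDO::FETCH_ASSOC);
echo "row {$id}: {$row['field_value']}\n";
```

Disabling emulated prepares keeps the query text and the parameters on separate channels; with a MySQL backend the same PDO calls apply unchanged.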
Affected
OpenDocMan 1.2.7.1 is vulnerable; other versions may also be affected.
Detection
Try to inject SQL code.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-1945
CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)