OpenDocMan Multiple XSS and SQL Injection Vulnerabilities

Summary
This host is running OpenDocMan and is prone to multiple Cross-Site Scripting and SQL Injection vulnerabilities.
Impact
Successful exploitation will allow an attacker to carry out Cross-Site Scripting or SQL Injection attacks, executing arbitrary code within the context of the affected application. Impact Level: Application.
Solution
Upgrade to OpenDocMan version 1.2.5.2 or later. http://www.opendocman.com/
Insight
- Input passed to the 'frmuser' and 'frmpass' parameters in 'index.php' is not properly sanitised before being used in SQL queries.
- Input passed to the 'last_message' parameter in add.php, toBePublished.php, index.php, and admin.php, and input passed via the URL to category.php, department.php, profile.php, rejects.php, search.php, toBePublished.php, view_file.php, and user.php is not properly sanitised before being returned to the user.
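The two defect classes above are the usual pair in PHP web applications: request parameters spliced into query text, and request parameters echoed back into HTML without encoding. The following is an added illustration, not OpenDocMan's code, of what "not properly sanitised" means for each and what the corrected handling looks like. It reuses the parameter names from the advisory ('frmuser', 'frmpass', 'last_message'); the PDO connection, the 'user' table and its 'username' and 'password' columns are assumptions made for the example, and the plaintext password comparison is only there to keep it short.

```php
<?php
// Added illustration, not OpenDocMan's code. Assumed: a PDO connection $pdo,
// a 'user' table with 'username' and 'password' columns, and the request
// parameters 'frmuser', 'frmpass' and 'last_message' named in the advisory.
declare(strict_types=1);

// --- SQL injection: the defective pattern ---
function lookupUserUnsafe(PDO $pdo, string $user, string $pass): ?array
{
    // Untrusted input becomes part of the query text, so quote characters
    // in $user or $pass change the query's structure instead of its data.
    $sql = "SELECT id, username FROM user WHERE username = '$user' AND password = '$pass'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- SQL injection: the corrected pattern ---
function lookupUserSafe(PDO $pdo, string $user, string $pass): ?array
{
    // Prepared statement: values are bound as data and never parsed as SQL.
    // (A real login should store a hash and compare with password_verify().)
    $stmt = $pdo->prepare('SELECT id, username FROM user WHERE username = :u AND password = :p');
    $stmt->execute([':u' => $user, ':p' => $pass]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- Reflected XSS: encode for the HTML context before echoing user input ---
function renderLastMessage(string $message): string
{
    return '<p class="notice">'
        . htmlspecialchars($message, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '</p>';
}

// Demonstration against an in-memory SQLite database with constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$pdo->exec("INSERT INTO user (username, password) VALUES ('alice', 'hunter2')");

// A legitimate value containing a quote: the safe lookup treats it as plain data.
var_dump(lookupUserSafe($pdo, "o'brien", 'x'));     // NULL: no such user
var_dump(lookupUserSafe($pdo, 'alice', 'hunter2')); // array with id and username

// The same quoted value breaks the unsafe query, which is the observable
// symptom that request input is influencing query structure.
try {
    lookupUserUnsafe($pdo, "o'brien", 'x');
} catch (PDOException $e) {
    echo 'unsafe query failed: ' . $e->getMessage() . PHP_EOL;
}

// Markup in 'last_message' is rendered as text, not interpreted by the browser.
$lastMessage = $_GET['last_message'] ?? '<b>welcome</b>';
echo renderLastMessage($lastMessage) . PHP_EOL;
```

The check a reviewer would apply to each file listed in the advisory is the same as in this snippet: every value taken from $_GET or $_POST must reach the database only through a bound parameter, and must reach the response only after htmlspecialchars() for the context it is written into.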
Affected
OpenDocMan version prior to 1.2.5.2
References