Primary

Context

OpenDocMan SQL Injection Vulnerability in Search.php

Vulnerability

Patched

A SQL injection vulnerability has been identified in OpenDocMan version 1.3.4. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can exploit this issue by sending GET requests to search.php with malicious SQL payloads, potentially leading to the extraction of sensitive database information.

Impact

Exploitation of this vulnerability allows for SQL injection, where attackers can manipulate database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a GET request to 'search.php' with the 'where' parameter containing a crafted SQL payload. The injection point is the 'where' parameter, which is vulnerable to SQL injection attacks.

Added: Apr 5, 2026, 9:31 PM

Updated: Apr 5, 2026, 9:31 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

2.5

exploitability

9.5

remediation

7.7

relevance

5.4

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

2.5

exploitability

9.5

remediation

7.7

relevance

5.4

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenDocMan SQL Injection Vulnerability in Search.php

Vulnerability

Impact

Reproduction

Affected Products

OpenDocMan

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating