openDCIM SQL Injection Vulnerability in people_depts.php

Vulnerability

A SQL injection vulnerability has been identified in openDCIM versions through 23.04, in the people_depts.php script. The script builds SQL queries from user-supplied input without using prepared statements, so an attacker who controls that input can alter the structure of the query rather than just its data values, potentially gaining unauthorized access to the backing database.

Impact

Successful exploitation lets an attacker interfere with the queries the application sends to its database. Depending on the privileges of the database account openDCIM connects with, this can lead to unauthorized data disclosure, data modification, or execution of administrative operations on the database.

Remediation

The vulnerability is addressed by rewriting the database queries in people_depts.php as prepared statements with bound parameters (for example PDO::prepare() followed by execute() with the values in PHP). With a bound parameter the user input is sent to the database as data and can never be parsed as part of the SQL text, which removes the injection.
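To make the Impact and Remediation sections concrete, the following added example (not openDCIM code; the advisory does not name the affected query or parameter, so the table, columns and lookup are a constructed stand-in) puts the two patterns side by side in Python with SQLite: a query built by string concatenation, as the advisory describes, next to the same lookup done with a bound parameter. Both are driven with a benign value, a tautology payload, and a UNION payload that pulls a column the original query never exposes.

```python
import sqlite3

# Constructed sample data for the demonstration. The table and column names are
# placeholders chosen here, not openDCIM's real schema.
SAMPLE_ROWS = [
    (1, "Network Engineering", "Alice Example"),
    (2, "Facilities", "Bob Example"),
    (3, "Finance", "Carol Example"),
]


def make_db():
    """Build an in-memory SQLite database with a toy department table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE dept (DeptID INTEGER PRIMARY KEY, Name TEXT, ExecSponsor TEXT)"
    )
    conn.executemany("INSERT INTO dept VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """The pattern the advisory describes: user input spliced into the SQL text.

    This is the Python equivalent of a PHP
    $dbh->query("... WHERE Name='" . $_GET['name'] . "'") call.
    """
    sql = "SELECT DeptID, Name FROM dept WHERE Name='" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_prepared(conn, name):
    """The remediation: a prepared statement with a bound parameter.

    Python equivalent of $stmt = $dbh->prepare("... WHERE Name=?");
    $stmt->execute([$name]); the driver sends the value as data.
    """
    sql = "SELECT DeptID, Name FROM dept WHERE Name=?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    """Run both lookups against a benign value and two injection payloads."""
    conn = make_db()
    benign = "Facilities"
    # Tautology: closes the quoted literal and ORs in an always-true condition.
    tautology = "' OR '1'='1"
    # UNION: returns a column (ExecSponsor) the original query never selects;
    # the trailing -- comments out the closing quote the application appends.
    union = "x' UNION SELECT DeptID, ExecSponsor FROM dept --"
    results = {
        "benign_vulnerable": lookup_vulnerable(conn, benign),
        "benign_prepared": lookup_prepared(conn, benign),
        "tautology_vulnerable": lookup_vulnerable(conn, tautology),
        "tautology_prepared": lookup_prepared(conn, tautology),
        "union_vulnerable": lookup_vulnerable(conn, union),
        "union_prepared": lookup_prepared(conn, union),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:22s} {rows}")
```

The benign input behaves identically in both versions, which is why this class of bug survives functional testing. Only the concatenated query returns every row for the tautology payload and leaks the ExecSponsor column for the UNION payload; the prepared statement returns nothing for either, because the payload is compared as a literal department name.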

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.