Description
Multiple vulnerabilities have been discovered in OpenDocMan which can be exploited by malicious people to conduct SQL injection attacks and bypass certain security restrictions.
1) Input passed via the "table" GET parameter to ajax_udf.php (when "add_value" is set to "add" or "edit") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) Input passed via the "add_value" GET parameter to ajax_udf.php (when "q" is set) is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerabilities #1 and #2 are confirmed in version 1.2.7.1. Prior versions may also be affected.
3) An error related to creating users in signup.php can be exploited to create arbitrary users with administrative privileges.
Successful exploitation of this vulnerability requires the "allow_signup" setting to be enabled (not default).
This vulnerability is confirmed in version 1.2.7.0. Prior versions may also be affected.
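The fix pattern for issues #1 and #2, as an added example that is not OpenDocMan code or the vendor's patch: a table name taken from the request cannot be bound as a query parameter, so it is resolved through a fixed allow-list, while the submitted value is bound. The table names, the helper functions and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added illustration, not OpenDocMan code. All names below are hypothetical.
declare(strict_types=1);

// Constructed fixture: in-memory SQLite stands in for the application's database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE udf_project (id INTEGER PRIMARY KEY, value TEXT)');
$pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT)');

// Identifiers cannot be bound as parameters, so the request value is used
// only as a key into this fixed map; the SQL text receives the map's value.
const UDF_TABLES = [
    'project' => 'udf_project',
];

function resolveUdfTable(string $requested): string
{
    if (!array_key_exists($requested, UDF_TABLES)) {
        throw new InvalidArgumentException('unknown table');
    }
    return UDF_TABLES[$requested];
}

function addUdfValue(PDO $pdo, string $requestedTable, string $value): int
{
    $table = resolveUdfTable($requestedTable);   // allow-listed identifier
    $stmt = $pdo->prepare("INSERT INTO {$table} (value) VALUES (:value)");
    $stmt->execute([':value' => $value]);        // data is bound, never concatenated
    return (int) $pdo->lastInsertId();
}

// Constructed inputs standing in for $_GET['table'] and $_GET['add_value'].
$id = addUdfValue($pdo, 'project', "O'Brien");
$stored = $pdo->query('SELECT value FROM udf_project')->fetchColumn();
echo "row {$id} stored: {$stored}", PHP_EOL;     // the quote is kept as data

try {
    // 'user' is a real table but not a map key, so no SQL is ever built.
    addUdfValue($pdo, 'user', 'x');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```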
Vulnerable Products
Vulnerable Software: OpenDocMan 1.x
Solution
Update to version 1.2.7.2.
CVE
CVE-2014-1946
CVE-2014-1945
References
OpenDocMan:
http://www.opendocman.com/opendocman-v1-2-7-2-released/
High-Tech Bridge SA:
https://www.htbridge.com/advisory/HTB23202
Vulnerability Manager Detection
No
IPS Protection