CVE-2014-2317

Published Mar 9, 2014

Last updated 3 months ago

CVSS info 6.8

Overview

Description: SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95E5497B-E681-41EC-A960-72F3523A8339",
            "versionEndIncluding": "1.2.7.1"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.6.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4D3F02F-3FE2-4D7A-97A5-7CFB53BFEBC1"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.6.2:a:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC21AE07-0BE2-470A-9A9D-9B0A0E1BB50F"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.6.2:b:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A4674E7-CDAE-46E0-BB50-89982B13EA3F"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.6.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AEC5FABB-8752-4CFD-BED7-29DD2CE51B80"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.6.3:a:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE2D011C-A93E-46D0-93CE-3670B92C84A6"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4EA4AA2-95AD-4BD2-83E5-C4AE32317216"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5DAD56F-53B1-4D49-9A58-CC60AE2CF5CB"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.6.7:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7691977-FF85-4A33-8F38-2F35E975B1AB"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.6.7:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6356D416-603D-4CC2-B788-F66AA5C183EA"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.6.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E47E7FB-D37A-4194-A57C-C40E2F3B5743"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBA22C31-F0BB-47FF-95B5-6C00FCEBF763"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References