opendocman CVE Vulnerabilities & Metrics

Focus on opendocman vulnerabilities and metrics.

Last updated: 16 Apr 2026, 22:25 UTC

About opendocman Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with opendocman. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.


Global CVE Overview

Total opendocman CVEs: 3
Earliest CVE date: 03 Nov 2006, 00:07 UTC
Latest CVE date: 05 Apr 2026, 21:16 UTC

Latest CVE reference: CVE-2019-25684

Rolling Stats

30-day Count (Rolling): 1
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

[Chart: Monthly CVE Trends (current vs previous year)]

[Chart: Annual CVE Trends (last 20 years)]

[Chart: Critical opendocman CVEs (CVSS ≥ 9) over 20 years]

CVSS Stats

Average CVSS: 5.52

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

CVSS 0.0-3.9: 1
CVSS 4.0-6.9: 8
CVSS 7.0-8.9: 5
CVSS 9.0-10.0: 0

[Chart: CVSS Distribution]

Top 5 Highest CVSS opendocman CVEs

These are the five CVEs with the highest CVSS scores for opendocman, sorted by severity first and then by recency.

All CVEs for opendocman

CVE-2019-25684 opendocman vulnerability CVSS: 0 05 Apr 2026, 21:16 UTC

OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitive database information.

CVE-2021-45834 opendocman vulnerability CVSS: 7.5 18 Mar 2022, 11:15 UTC

An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using a MIME-type bypass; the files may be automatically processed within the product's environment or lead to arbitrary code execution.

CVE-2014-1946 opendocman vulnerability CVSS: 6.5 10 Apr 2018, 15:29 UTC

OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php.

CVE-2015-5625 opendocman vulnerability CVSS: 4.3 07 Sep 2015, 14:59 UTC

Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.

CVE-2014-4853 opendocman vulnerability CVSS: 4.3 10 Jul 2014, 16:55 UTC

Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file.

CVE-2014-2317 opendocman vulnerability CVSS: 6.8 09 Mar 2014, 13:16 UTC

SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information.

CVE-2014-1945 opendocman vulnerability CVSS: 7.5 09 Mar 2014, 13:16 UTC

SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.

CVE-2011-3764 opendocman vulnerability CVSS: 5.0 24 Sep 2011, 00:55 UTC

OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by User_Perms_class.php and certain other files.

CVE-2009-3801 opendocman vulnerability CVSS: 7.5 27 Oct 2009, 16:30 UTC

SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-3789 opendocman vulnerability CVSS: 4.3 26 Oct 2009, 17:30 UTC

Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php.

CVE-2009-3788 opendocman vulnerability CVSS: 7.5 26 Oct 2009, 17:30 UTC

SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter.

CVE-2008-2787 opendocman vulnerability CVSS: 4.3 20 Jun 2008, 11:48 UTC

Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the last_message parameter.

CVE-2008-2788 opendocman vulnerability CVSS: 4.3 20 Jun 2008, 11:48 UTC

Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.

CVE-2006-5655 opendocman vulnerability CVSS: 7.5 03 Nov 2006, 00:07 UTC

SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows remote attackers to execute arbitrary SQL commands via the username parameter.