OpenDocMan is reported to contain an access bypass vulnerability that could be exploited to create, update, or delete users, departments, or categories without proper authorization. The attacker needs an account in the application. Once logged in, they can issue requests to the vulnerable script and commit changes that only the administrator should be able to make. By exploiting this vulnerability, an attacker can gain administrator privileges in the application. They could also delete all user accounts, denying access to legitimate users. Other attacks are possible. Versions prior to 1.2 are reported vulnerable.
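The class of flaw described above, shown as an added PHP example (not OpenDocMan's code; the account table, function names and status codes are assumptions for illustration). The first handler checks only that the caller is logged in, while the second also requires the administrator flag from the server-side account record, and the closing loop is a regression matrix over the objects and actions the advisory names.

```php
<?php
// Added illustration; not OpenDocMan source. All names here are hypothetical.
declare(strict_types=1);

// Constructed sample accounts: id => record with a server-side admin flag.
const ACCOUNTS = [1 => ['name' => 'admin', 'is_admin' => true],
                  2 => ['name' => 'alice', 'is_admin' => false]];

// Administrative objects and actions named in the advisory.
const ADMIN_OBJECTS = ['user', 'department', 'category'];
const ADMIN_ACTIONS = ['create', 'update', 'delete'];

// Flawed pattern: a valid session is the only condition checked.
function commitLoginOnly(?int $sessionUid, string $object, string $action): int
{
    if ($sessionUid === null || !array_key_exists($sessionUid, ACCOUNTS)) {
        return 401; // not logged in
    }
    return 200; // change committed for any logged-in account
}

// Hardened pattern: authenticate, validate the request, then authorize
// from the stored account record, never from request data.
function commitAdminOnly(?int $sessionUid, string $object, string $action): int
{
    if ($sessionUid === null || !array_key_exists($sessionUid, ACCOUNTS)) {
        return 401;
    }
    if (!in_array($object, ADMIN_OBJECTS, true) || !in_array($action, ADMIN_ACTIONS, true)) {
        return 400; // unknown object or action
    }
    if (ACCOUNTS[$sessionUid]['is_admin'] !== true) {
        error_log("denied: uid=$sessionUid $action $object"); // audit trail for detection
        return 403;
    }
    return 200;
}

// Regression matrix: every admin object/action must be refused for a non-admin (uid 2).
foreach (ADMIN_OBJECTS as $o) {
    foreach (ADMIN_ACTIONS as $a) {
        printf("%-10s %-6s login-only=%d admin-only=%d\n", $o, $a,
            commitLoginOnly(2, $o, $a), commitAdminOnly(2, $o, $a));
    }
}
```

Run against a real deployment, the same matrix belongs in an integration test that authenticates as a non-administrator and expects a refusal for every combination.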