CVE-2014-2317

medium

Published 2014-03-09 · Modified 2026-05-06

CVSS v3

—

CVSS v2

6.8

VIR risk

6.8

Description

SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.opendocman.com/opendocman-v1-2-7-2-released

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://secunia.com/advisories/56189

Application impact

Vendor	Product	Versions
opendocman	opendocman	`{"endIncluding":"1.2.7.1"}`
opendocman	opendocman	`1.2.6.2`
opendocman	opendocman	`1.2.6.3`
opendocman	opendocman	`1.2.6.5`
opendocman	opendocman	`1.2.6.6`
opendocman	opendocman	`1.2.6.7`
opendocman	opendocman	`1.2.6.8`
opendocman	opendocman	`1.2.7`

References

CWEs

CWE-89

Verify integrity in audit chain (admin only). AS-IS.