MidnightBSD

Advisories for cafuego

CVE-2005-3877 HIGH

Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
cafuego simple_document_management_system 1.1.4
cafuego simple_document_management_system 1.1.6
cafuego simple_document_management_system 1.1.5
cafuego simple_document_management_system *
CVE-2010-4986 HIGH

SQL injection vulnerability in detail.php in Simple Document Management System (SDMS) allows remote attackers to execute arbitrary SQL commands via the doc_id parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
cafuego simple_document_management_system 1.1.4
cafuego simple_document_management_system 1.1.6
cafuego simple_document_management_system 1.1.5