Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cafuego | simple_document_management_system | 1.1.4 |
| cafuego | simple_document_management_system | 1.1.6 |
| cafuego | simple_document_management_system | 1.1.5 |
| cafuego | simple_document_management_system | * |
SQL injection vulnerability in detail.php in Simple Document Management System (SDMS) allows remote attackers to execute arbitrary SQL commands via the doc_id parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cafuego | simple_document_management_system | 1.1.4 |
| cafuego | simple_document_management_system | 1.1.6 |
| cafuego | simple_document_management_system | 1.1.5 |