VYPR

Mydms

by Letodms Project

CVEs (3)

  • CVE-2012-4567MedOct 23, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) inc/inc.ClassUI.php or (2) out/out.DocumentNotify.php.

  • CVE-2004-1733Aug 20, 2004
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in MyDMS 1.4.2 and other versions allows remote registered users to read arbitrary files via .. (dot dot) sequences in the URL.

  • CVE-2004-1732Aug 20, 2004
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in out.ViewFolder.php in MyDMS before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the folderid parameter.