Opendcim
by Opendcim
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-28517 | | Cri | 0.67 | 9.8 | 0.06 | | Feb 27, 2026 | openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in report_network_map.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec() without validation or sanitization. If an… |
| CVE-2025-48701 | | Med | 0.35 | 5.4 | 0.00 | | May 23, 2025 | openDCIM through 23.04 allows SQL injection in people_depts.php because prepared statements are not used. |
| CVE-2025-10253 | | Low | 0.23 | 3.5 | 0.00 | | Sep 11, 2025 | A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be launched remotely. The… |
| CVE-2026-28516 | | | 0.03 | — | 0.01 | | Feb 27, 2026 | openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-install.php handlers pass user-supplied input directly into SQL statements using string interpolation without prepared statements or… |
| CVE-2026-28515 | | | 0.03 | — | 0.01 | | Feb 27, 2026 | openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user… |