Document Management System
by Openkm
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41917 | Med | 0.32 | 4.9 | — | May 26, 2026 | OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with… | ||
| CVE-2019-11445 | 0.05 | — | 0.21 | Apr 22, 2019 | OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Filesystem path… | |||
| CVE-2009-1503 | 0.03 | — | 0.00 | May 1, 2009 | Multiple SQL injection vulnerabilities in login.php in Tiger Document Management System (DMS) allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. |
- risk 0.32cvss 4.9epss —
OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with…
- CVE-2019-11445Apr 22, 2019risk 0.05cvss —epss 0.21
OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Filesystem path…
- CVE-2009-1503May 1, 2009risk 0.03cvss —epss 0.00
Multiple SQL injection vulnerabilities in login.php in Tiger Document Management System (DMS) allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.