VYPR
Vendor: Letodms Project

Products: 2
CVEs: 10
Across products: 11
Status: Private

Recent CVEs (10)

  • CVE-2012-4570 | Critical | Oct 23, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2012-4568 | High | Oct 23, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2012-4385 | Medium | Nov 13, 2019
    risk 0.45 | cvss 6.5 | epss 0.02

    LetoDMS 3.3.6 has CSRF via change password.

  • CVE-2012-4384 | Medium | Nov 13, 2019
    risk 0.43 | cvss 6.1 | epss 0.02

    LetoDMS has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar.

  • CVE-2012-4569 | Medium | Oct 23, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in out/out.UsrMgr.php in LetoDMS (formerly MyDMS) before 3.3.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-4567 | Medium | Oct 23, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) inc/inc.ClassUI.php or (2) out/out.DocumentNotify.php.

  • CVE-2010-2006 | May 20, 2010
    risk 0.04 | cvss (none listed) | epss 0.07

    Directory traversal vulnerability in op/op.Login.php in LetoDMS (formerly MyDMS) 1.7.2 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

  • CVE-2010-2007 | May 20, 2010
    risk 0.00 | cvss (none listed) | epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) 1.7.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that use (1) op/op.EditUserData.php, (2) op/op.UsrMgr.php, (3) out/out.RemoveVersion.php,…

  • CVE-2004-1733 | Aug 20, 2004
    risk 0.00 | cvss (none listed) | epss 0.02

    Directory traversal vulnerability in MyDMS 1.4.2 and other versions allows remote registered users to read arbitrary files via .. (dot dot) sequences in the URL.

  • CVE-2004-1732 | Aug 20, 2004
    risk 0.00 | cvss (none listed) | epss 0.01

    SQL injection vulnerability in out.ViewFolder.php in MyDMS before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the folderid parameter.