VYPR
Vendor: Opendcim

Products: 1
CVEs: 5
Across products: 5
Status: Private

Recent CVEs (5)

  • CVE-2026-28517 | Cri | Feb 27, 2026
    risk 0.67 | cvss 9.8 | epss 0.06

    openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in report_network_map.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec() without validation or sanitization. If an…

  • CVE-2025-48701 | Med | May 23, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    openDCIM through 23.04 allows SQL injection in people_depts.php because prepared statements are not used.

  • CVE-2025-10253 | Low | Sep 11, 2025
    risk 0.23 | cvss 3.5 | epss 0.00

    A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be launched remotely. The…

  • CVE-2026-28516 | Feb 27, 2026
    risk 0.03 | cvss | epss 0.01

    openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-install.php handlers pass user-supplied input directly into SQL statements using string interpolation without prepared statements or…

  • CVE-2026-28515 | Feb 27, 2026
    risk 0.03 | cvss | epss 0.01

    openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user…