CVE-2014-1945
published 2014-03-09CVE-2014-1945: SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.
PriorityP346high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.41%
69.2th percentile
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 2.6.35 < 5.4.301 | 5.4.301 |
| linux | linux_kernel | >= 5.11.0 < 5.15.195 | 5.15.195 |
| linux | linux_kernel | >= 5.16.0 < 6.1.156 | 6.1.156 |
| linux | linux_kernel | >= 5.5.0 < 5.10.246 | 5.10.246 |
| linux | linux_kernel | >= 6.13.0 < 6.16.11 | 6.16.11 |
| linux | linux_kernel | >= 6.17.0 < 6.17.1 | 6.17.1 |
| linux | linux_kernel | >= 6.2.0 < 6.6.110 | 6.6.110 |
| linux | linux_kernel | >= 6.7.0 < 6.12.51 | 6.12.51 |
| opendocman | opendocman | <= 1.2.7.1 | — |
| opendocman | opendocman | — | — |
| opendocman | opendocman | — | — |
| opendocman | opendocman | — | — |
| opendocman | opendocman | — | — |
| opendocman | opendocman | — | — |
| opendocman | opendocman | — | — |
| opendocman | opendocman | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
media: rc: fix races with imon_disconnect()
osv·2025-10-15
CVE-2025-39993 media: rc: fix races with imon_disconnect()
media: rc: fix races with imon_disconnect()
In the Linux kernel, the following vulnerability has been resolved:
media: rc: fix races with imon_disconnect()
Syzbot reports a KASAN issue as below:
BUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline]
BUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627
Read of size 4 at addr ffff8880256fb000 by task syz-executor314/4465
CPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:317 [inline]
print_report.cold+0x2ba/0x6e9 mm/kasan/report.c:433
kasan_repo
GHSA
GHSA-mmgj-46r8-x39q: SQL injection vulnerability in ajax_udf
ghsa_unreviewed·2022-05-17
CVE-2014-1945 [HIGH] CWE-89 GHSA-mmgj-46r8-x39q: SQL injection vulnerability in ajax_udf
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/56189http://www.opendocman.com/opendocman-v1-2-7-1-releasehttp://www.opendocman.com/opendocman-v1-2-7-2-releasedhttp://www.securityfocus.com/bid/65775https://www.htbridge.com/advisory/HTB23202http://secunia.com/advisories/56189http://www.opendocman.com/opendocman-v1-2-7-1-releasehttp://www.opendocman.com/opendocman-v1-2-7-2-releasedhttp://www.securityfocus.com/bid/65775https://www.htbridge.com/advisory/HTB23202
2014-03-09
Published