cbcvebase.
CVE-2014-1945
published 2014-03-09

CVE-2014-1945: SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.

PriorityP346high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.41%
69.2th percentile
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.

Affected

16 ranges
VendorProductVersion rangeFixed in
linuxlinux_kernel>= 2.6.35 < 5.4.3015.4.301
linuxlinux_kernel>= 5.11.0 < 5.15.1955.15.195
linuxlinux_kernel>= 5.16.0 < 6.1.1566.1.156
linuxlinux_kernel>= 5.5.0 < 5.10.2465.10.246
linuxlinux_kernel>= 6.13.0 < 6.16.116.16.11
linuxlinux_kernel>= 6.17.0 < 6.17.16.17.1
linuxlinux_kernel>= 6.2.0 < 6.6.1106.6.110
linuxlinux_kernel>= 6.7.0 < 6.12.516.12.51
opendocmanopendocman<= 1.2.7.1
opendocmanopendocman
opendocmanopendocman
opendocmanopendocman
opendocmanopendocman
opendocmanopendocman
opendocmanopendocman
opendocmanopendocman

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.