{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/opendocman/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2019-25684"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["sqli","vulnerability","opendocman"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOpenDocMan 1.3.4 is susceptible to SQL injection attacks due to insufficient input validation. An unauthenticated attacker can inject malicious SQL code into the \u0026lsquo;where\u0026rsquo; parameter of the \u003ccode\u003esearch.php\u003c/code\u003e endpoint. This vulnerability allows attackers to bypass normal query restrictions, potentially leading to the extraction of sensitive data from the database. The vulnerability was published on 2026-04-05 and assigned CVE-2019-25684. Successful exploitation grants attackers unauthorized access to database contents without requiring authentication.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an OpenDocMan 1.3.4 instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP GET request targeting the \u003ccode\u003e/search.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker injects SQL code into the \u003ccode\u003ewhere\u003c/code\u003e parameter of the GET request.\u003c/li\u003e\n\u003cli\u003eThe web server passes the crafted SQL query to the database without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe database executes the injected SQL code, potentially returning sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker receives the database response containing the extracted information.\u003c/li\u003e\n\u003cli\u003eThe attacker analyzes the extracted data for sensitive information such as usernames, passwords, or confidential documents.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability can lead to the complete compromise of the OpenDocMan database. An attacker can access sensitive information, including user credentials and confidential documents, potentially impacting all users of the affected OpenDocMan instance. There are no specific details about victim counts or targeted sectors available, but the impact could be widespread, depending on the deployment of OpenDocMan.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply input validation and sanitization to the \u003ccode\u003ewhere\u003c/code\u003e parameter in \u003ccode\u003esearch.php\u003c/code\u003e to prevent SQL injection.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect attempts to exploit CVE-2019-25684 by monitoring for suspicious SQL syntax in the \u0026lsquo;where\u0026rsquo; parameter within web server logs.\u003c/li\u003e\n\u003cli\u003eUpgrade to a patched version of OpenDocMan that addresses this vulnerability when available.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual activity targeting the \u003ccode\u003esearch.php\u003c/code\u003e endpoint, as indicated in the attack chain.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-05T21:16:46Z","date_published":"2026-04-05T21:16:46Z","id":"/briefs/2026-04-opendocman-sqli/","summary":"OpenDocMan version 1.3.4 is vulnerable to SQL injection, allowing unauthenticated attackers to manipulate database queries via the 'where' parameter in search.php to extract sensitive information.","title":"OpenDocMan 1.3.4 SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-opendocman-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Opendocman","version":"https://jsonfeed.org/version/1.1"}