Omnidocs

omnidocs

Vendor: Newgensoft • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-65742 1Newgensoft 1Omnidocs Dec 23, 2025 Dec 15, 2025 N/A· v4 8.2 HIGH· v3 N/A· v2 An unauthenticated Broken Function Level Authorization (BFLA) vulnerability in Newgen OmniDocs v11.0 allows attackers to obtain sensitive information and execute a full account takeover via a crafted API request.
CVE-2011-3645 1Newgensoft 1Omnidocs Apr 29, 2026 Sep 27, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex par...Show more Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.Show less
CVE-2010-0701 1Newgensoft 1Omnidocs Apr 29, 2026 Feb 23, 2010 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors.