Owndms

owndms

2 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-25580 1Owndms 1Owndms Apr 15, 2026 Mar 21, 2026 8.8 HIGH· v4 8.2 HIGH· v3 N/A· v2 ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstrea...Show more ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the IMG parameter to extract sensitive database information including version and database names.Show less
CVE-2018-18527 1Owndms 1Ownticket Nov 21, 2024 Oct 19, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter.

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2019-25580

1Owndms

Apr 15, 2026

Mar 21, 2026

8.8 HIGH· v4

8.2 HIGH· v3

N/A· v2

ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the IMG parameter to extract sensitive database information including version and database names.Show less

CVE-2018-18527

1Owndms

1Ownticket

Nov 21, 2024

Oct 19, 2018

N/A· v4

9.8 CRITICAL· v3

7.5 HIGH· v2

OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter.