cpe:/a:opendocman:opendocman:1.2.5 CVE-2009-3788 2009-10-26T13:30:00.593-04:00 2017-08-16T21:31:16.647-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-10-27T17:33:00.000-04:00 ALLOWS_OTHER_ACCESS SECUNIA 30750 BID 36777 OSVDB 59301 MISC http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt XF opendocman-user-sql-injection(53886) SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter.