PT-2022-12424 · Unknown · Opendocman
Longwayhomie · Published 2022-03-18 · Updated 2022-03-25
CVE-2021-45834
CVSS v3.1: 9.8 (Critical)
CVSS v3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenDocMan version 1.4.4
Description
An attacker can upload files of dangerous types (for example, server-side scripts) to the OpenDocMan portal through the "add.php" endpoint by bypassing the MIME-type check: a check that relies on the content type declared by the uploading client is satisfied simply by sending an allowed Content-Type header, whatever the file actually contains. If the uploaded file is later served and executed, or automatically processed, within the product's environment, this can lead to arbitrary code execution.
Recommendations
For OpenDocMan version 1.4.4, restrict access to the "add.php" endpoint (for example, to trusted, authenticated users or trusted networks) to minimize the risk of exploitation until a patched version is available. As a temporary workaround, limit uploads to an allowlist of necessary and safe file types, validated on the server from the file's extension and contents rather than from the client-declared MIME type, and store uploaded files in a location where the web server will not execute them, to prevent potential arbitrary code execution.
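The description and the recommendations above, as an added example that is not OpenDocMan's code and is not taken from the advisory: the weak pattern that accepts an upload on the strength of the client-declared Content-Type, beside a server-side validator that enforces an allowlist of safe types, checks the file contents against that type, and rejects executable extensions anywhere in the name. The file names, sample bytes, allowlist entries and function names are constructed for illustration and assume nothing about how add.php is implemented.

```python
"""Added example (not OpenDocMan's code): why a client-declared MIME type is
not a safe upload check, and a server-side allowlist that does not rely on it."""
import os
import secrets

# Constructed sample uploads, not captured traffic.
PNG_FILE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
PHP_FILE = b"<?php phpinfo(); ?>\n"

# Allowlist of "necessary and safe" types (assumed for the example):
# extension -> (acceptable declared MIME types, leading magic bytes).
ALLOWED = {
    "pdf": ({"application/pdf"}, (b"%PDF-",)),
    "png": ({"image/png"}, (b"\x89PNG\r\n\x1a\n",)),
    "jpg": ({"image/jpeg"}, (b"\xff\xd8\xff",)),
    "jpeg": ({"image/jpeg"}, (b"\xff\xd8\xff",)),
}
# Extensions a web server may hand to an interpreter; rejected anywhere in the name.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar",
                   "phps", "cgi", "pl", "sh", "htaccess"}
# Server-side script markers; a file claiming to be an image must not carry them.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script")


def weak_check(filename: str, declared_mime: str, content: bytes) -> bool:
    """The vulnerable pattern: accept the upload if the Content-Type sent by
    the client is on the list. Name and contents are ignored, and the client
    controls the header, so a .php file declared as image/png passes."""
    return declared_mime in {"application/pdf", "image/png", "image/jpeg"}


def validate_upload(filename: str, declared_mime: str, content: bytes):
    """Server-side check that does not trust the declared type.
    Returns (accepted, reason)."""
    base = os.path.basename(filename)
    if not base or base != filename or base.startswith("."):
        return False, "invalid file name"
    segments = base.lower().split(".")
    if len(segments) < 2:
        return False, "missing extension"
    ext = segments[-1]
    if ext not in ALLOWED:
        return False, f"extension .{ext} not in allowlist"
    # Double extensions such as shell.php.png may still be executed by servers
    # that map every dotted segment to a handler (e.g. Apache AddHandler).
    if any(seg in EXECUTABLE_EXTS for seg in segments[:-1]):
        return False, "executable extension inside file name"
    mimes, magics = ALLOWED[ext]
    if declared_mime not in mimes:
        return False, "declared MIME type does not match extension"
    # Magic bytes are checked from the bytes received, not from the header.
    if not content.startswith(magics):
        return False, "content does not match allowed type"
    # Defence in depth against polyglots (valid image header, script appended).
    if any(marker in content for marker in SCRIPT_MARKERS):
        return False, "script markers in content"
    return True, "ok"


def storage_name(ext: str) -> str:
    """Store under a random name so the uploader cannot choose the path; the
    directory should sit outside the web root or have script execution off."""
    return f"{secrets.token_hex(16)}.{ext}"


def demo():
    """Outcome of the weak and strict checks on the constructed samples."""
    return {
        "weak_php_declared_as_png": weak_check("shell.php", "image/png", PHP_FILE),
        "strict_php_declared_as_png": validate_upload("shell.php", "image/png", PHP_FILE)[0],
        "strict_png_name_php_content": validate_upload("doc.png", "image/png", PHP_FILE)[0],
        "strict_double_extension": validate_upload("shell.php.png", "image/png", PNG_FILE)[0],
        "strict_polyglot": validate_upload("pic.png", "image/png", PNG_FILE + PHP_FILE)[0],
        "strict_valid_png": validate_upload("logo.png", "image/png", PNG_FILE)[0],
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Content checks narrow the attack surface but do not replace the last line of defence: whatever passes validation should be written under a generated name to a directory the web server never executes scripts from, which is what makes a slipped-through upload harmless rather than a remote shell.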
Weakness Enumeration
Unrestricted File Upload
Related Identifiers
CVE-2021-45834
Affected Products
Opendocman