What the vulnerability does
01Description
openDCIM through 23.04 allows SQL injection in people_depts.php because prepared statements are not used.
CVSS base score
5.4/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Key dates
02Disclosure timeline
May 23, 2025
CVE published
May 23, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-11506 PHPGurukul Beauty Parlour Management System search-appointment.php sql injection
CVE-2018-25128 SOCA Access Control System 180612 SQL Injection and Authentication Bypass
CVE-2024-12926 Codezips Project Management System advanced.php sql injection
CVE-2023-4200 SourceCodester Inventory Management System product_data.php. sql injection
CVE-2026-2247 SQL Injection in Clickedu's SaaS platform
