CVE-2025-48701

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-48701

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48701.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-48701

Published

2025-05-23T04:15:29Z

Modified

2025-05-24T03:00:02.993205Z

Summary

[none]

Details

openDCIM through 23.04 allows SQL injection in people_depts.php because prepared statements are not used.

References

https://github.com/opendcim/openDCIM/issues/1601

Affected packages

Git / github.com/opendcim/opendcim

Affected ranges

Type: GIT
Repo: https://github.com/opendcim/opendcim
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

5e24d4c5daff7f3db12a90594b9ad56e136fc374

Affected versions

1.*

1.3

18.*

18.01

18.02

19.*

19.01

2.*

2.0

2.0.1

2.0.2

2.1

2.1-RC0

20.*

20.01

20.02

21.*

21.01

23.*

23.01

23.02

23.03

23.04

3.*

3.0

3.1

3.2

3.2.1

3.3

4.*

4.0-beta.1

4.0-beta.2

4.0.1

4.1

4.1.1

4.2

4.2-Release

4.3

4.3.1

4.4

4.5

openDCIM-1.*

openDCIM-1.3

openDCIM-1.5

openDCIM-1.5.1

openDCIM-1.5.2

openDCIM-18.*

openDCIM-18.01

openDCIM-2.*

openDCIM-2.0-RC0

openDCIM-21.*

openDCIM-21.01

openDICM-1.*

openDICM-1.4

v4.*

v4.0

v4.0a