This page aggregates publicly disclosed CVE and security risk information related to assetman, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2008-4161 | SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote attackers to execute arbitrary SQL commands and conduct session fixation attacks via a combination of crafted order and order_by parameters in a search_all action. | [email protected] | 6.8 | 0.39% | 2008-09-22 | 2026-04-23 |
| CVE-2007-1427 | Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the pdf_file parameter. | [email protected] | 5.0 | 7.17% | 2007-03-13 | 2026-04-23 |