During the recent holidays, a medium level vulnerability was discovered in DOCman. We found a query that wasn’t being properly escaped and could lead to an SQL Injection. There is no known exploit for this vulnerability and it would be very difficult to create one because there are other security measures in place.
At Joomlatools we are fanatic about security and even if DOCman 1.5.9 has recently been released, we recommend upgrading to 1.5.10 just to be on the safe side.
This vulnerability affects all versions of DOCman prior to 1.5.10. So if you’re using 1.5.9 or older, please upgrade to 1.5.10. If you’re using 1.4.1 or older, please upgrade to 1.4.2.
DOCman 1.x is no longer supported, and will not receive bug fixes & security updates.
Upgrading to DOCman 2.x is painless and preserves your data. You will get updates, as well technical support. And of course you are supporting a quality GPL-licensed Joomla extension!