ofcms project ofcms vulnerabilities and exploits
8.8
CVSSv3
CVE-2019-9608
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI.
Ofcms Project Ofcms
8.8
CVSSv3
CVE-2019-9609
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/editUploadImage URI.
Ofcms Project Ofcms
4.3
CVSSv3
CVE-2019-9610
An issue exists in OFCMS prior to 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal, related to the getTemplates function in TemplateController.java.
Ofcms Project Ofcms
8.8
CVSSv3
CVE-2019-9612
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/upload URI.
Ofcms Project Ofcms
7.2
CVSSv3
CVE-2019-9613
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadVideo URI.
Ofcms Project Ofcms
8.8
CVSSv3
CVE-2019-9614
An issue exists in OFCMS prior to 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("' followed by the command.
Ofcms Project Ofcms
7.2
CVSSv3
CVE-2019-9615
An issue exists in OFCMS prior to 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java.
Ofcms Project Ofcms
7.2
CVSSv3
CVE-2019-9616
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadScrawl URI.
Ofcms Project Ofcms
8.8
CVSSv3
CVE-2019-9617
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadFile URI.
Ofcms Project Ofcms
6.5
CVSSv3
CVE-2019-9611
An issue exists in OFCMS prior to 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content (in the file_content parameter) into an arbitrary file (specified by the file_name parameter). This ...
Ofcms Project Ofcms