Vulmon
ofcms project ofcms vulnerabilities and exploits
CVE-2019-9611 (CVSSv2: 4)
An issue exists in OFCMS prior to 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content (in the file_content parameter) into an arbitrary file (specified by the file_name parameter). This ...
Ofcms Project Ofcms

CVE-2019-9608 (CVSSv2: 6.5)
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI.
Ofcms Project Ofcms

CVE-2019-9609 (CVSSv2: 6.5)
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/editUploadImage URI.
Ofcms Project Ofcms

CVE-2019-9610 (CVSSv2: 4)
An issue exists in OFCMS prior to 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal, related to the getTemplates function in TemplateController.java.
Ofcms Project Ofcms

CVE-2019-9612 (CVSSv2: 6.5)
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/upload URI.
Ofcms Project Ofcms

CVE-2019-9613 (CVSSv2: 6.5)
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadVideo URI.
Ofcms Project Ofcms

CVE-2019-9614 (CVSSv2: 6.5)
An issue exists in OFCMS prior to 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("' followed by the command.
Ofcms Project Ofcms

CVE-2019-9615 (CVSSv2: 6.5)
An issue exists in OFCMS prior to 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java.
Ofcms Project Ofcms

CVE-2019-9616 (CVSSv2: 6.5)
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadScrawl URI.
Ofcms Project Ofcms

CVE-2019-9617 (CVSSv2: 6.5)
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadFile URI.
Ofcms Project Ofcms