ofcms project ofcms vulnerabilities and exploits
VMScore: 356
CVE-2019-9611
An issue exists in OFCMS prior to 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content (in the file_content parameter) into an arbitrary file (specified by the file_name parameter). This ...
Ofcms Project Ofcms
VMScore: 578
CVE-2019-9608
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI.
Ofcms Project Ofcms
VMScore: 578
CVE-2019-9609
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/editUploadImage URI.
Ofcms Project Ofcms
VMScore: 356
CVE-2019-9610
An issue exists in OFCMS prior to 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal, related to the getTemplates function in TemplateController.java.
Ofcms Project Ofcms
VMScore: 578
CVE-2019-9612
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/upload URI.
Ofcms Project Ofcms
VMScore: 578
CVE-2019-9613
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadVideo URI.
Ofcms Project Ofcms
VMScore: 578
CVE-2019-9614
An issue exists in OFCMS prior to 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("' followed by the command.
Ofcms Project Ofcms
VMScore: 578
CVE-2019-9615
An issue exists in OFCMS prior to 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java.
Ofcms Project Ofcms
VMScore: 578
CVE-2019-9616
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadScrawl URI.
Ofcms Project Ofcms
VMScore: 578
CVE-2019-9617
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadFile URI.
Ofcms Project Ofcms