ofcms project ofcms vulnerabilities and exploits
4
CVSSv2
CVE-2019-9611
An issue exists in OFCMS prior to 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content (in the file_content parameter) into an arbitrary file (specified by the file_name parameter). This ...
Ofcms Project Ofcms
6.5
CVSSv2
CVE-2019-9613
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadVideo URI.
Ofcms Project Ofcms
6.5
CVSSv2
CVE-2019-9608
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI.
Ofcms Project Ofcms
6.5
CVSSv2
CVE-2019-9609
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/editUploadImage URI.
Ofcms Project Ofcms
4
CVSSv2
CVE-2019-9610
An issue exists in OFCMS prior to 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal, related to the getTemplates function in TemplateController.java.
Ofcms Project Ofcms
6.5
CVSSv2
CVE-2019-9612
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/upload URI.
Ofcms Project Ofcms
6.5
CVSSv2
CVE-2019-9614
An issue exists in OFCMS prior to 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("' followed by the command.
Ofcms Project Ofcms
6.5
CVSSv2
CVE-2019-9615
An issue exists in OFCMS prior to 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java.
Ofcms Project Ofcms
6.5
CVSSv2
CVE-2019-9616
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadScrawl URI.
Ofcms Project Ofcms
6.5
CVSSv2
CVE-2019-9617
An issue exists in OFCMS prior to 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadFile URI.
Ofcms Project Ofcms