Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms prior to 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
alkacon opencms 6.0.4 |
||
alkacon opencms 6.2 |
||
alkacon opencms 6.0.2 |
||
alkacon opencms 6.0.3 |
||
alkacon opencms 6.0.0 |
||
alkacon opencms |