system/workplace/editors/editor.jsp in Alkacon OpenCms prior to 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
alkacon opencms 6.2 |
||
alkacon opencms 6.2.1 |
||
alkacon opencms 6.0.3 |
||
alkacon opencms 6.0.4 |
||
alkacon opencms 6.0.0 |
||
alkacon opencms 6.0.2 |