Ofcms Project

Ofcms

20 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 2.19%
  • Published 06.03.2019 22:29:00
  • Last modified 21.11.2024 04:51:57

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI.

Exploit
  • EPSS 2.19%
  • Published 06.03.2019 22:29:00
  • Last modified 21.11.2024 04:51:58

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadFile URI.

Exploit
  • EPSS 2.33%
  • Published 06.03.2019 22:29:00
  • Last modified 21.11.2024 04:51:58

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadScrawl URI.

Exploit
  • EPSS 0.26%
  • Published 06.03.2019 22:29:00
  • Last modified 21.11.2024 04:51:58

An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java.

Exploit
  • EPSS 3.17%
  • Published 06.03.2019 22:29:00
  • Last modified 21.11.2024 04:51:58

An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("' followed by the command.

Exploit
  • EPSS 2.33%
  • Published 06.03.2019 22:29:00
  • Last modified 21.11.2024 04:51:58

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadVideo URI.

Exploit
  • EPSS 2.19%
  • Published 06.03.2019 22:29:00
  • Last modified 21.11.2024 04:51:58

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/upload URI.

Exploit
  • EPSS 0.37%
  • Published 06.03.2019 22:29:00
  • Last modified 21.11.2024 04:51:57

An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content (in the file_content parameter) into an arbitrary file (specifie...

Exploit
  • EPSS 0.22%
  • Published 06.03.2019 22:29:00
  • Last modified 21.11.2024 04:51:57

An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal, related to the getTemplates function in TemplateController.java.

Exploit
  • EPSS 2.19%
  • Published 06.03.2019 22:29:00
  • Last modified 21.11.2024 04:51:57

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/editUploadImage URI.