|
211611
|
7.2 |
HIGH
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/uedito…
|
CWE-706
Use of Incorrectly-Resolved Name or Reference
|
CVE-2019-9616
|
2024-11-21 13:51 |
2019-03-7 |
|
211612
|
7.2 |
HIGH
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java.
|
CWE-89
SQL Injection
|
CVE-2019-9615
|
2024-11-21 13:51 |
2019-03-7 |
|
211613
|
8.8 |
HIGH
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("' followed by the com…
|
CWE-74
Injection
|
CVE-2019-9614
|
2024-11-21 13:51 |
2019-03-7 |
|
211614
|
7.2 |
HIGH
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/uedito…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9613
|
2024-11-21 13:51 |
2019-03-7 |
|
211615
|
8.8 |
HIGH
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/s…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9612
|
2024-11-21 13:51 |
2019-03-7 |
|
211616
|
6.5 |
MEDIUM
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content (in the file_…
|
CWE-22
Path Traversal
|
CVE-2019-9611
|
2024-11-21 13:51 |
2019-03-7 |
|
211617
|
4.3 |
MEDIUM
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal, related to the getTemplates function in TemplateController.java.
|
CWE-22
Path Traversal
|
CVE-2019-9610
|
2024-11-21 13:51 |
2019-03-7 |
|
211618
|
8.8 |
HIGH
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/s…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9609
|
2024-11-21 13:51 |
2019-03-7 |
|
211619
|
8.8 |
HIGH
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/uedito…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9608
|
2024-11-21 13:51 |
2019-03-7 |
|
211620
|
5.3 |
MEDIUM
Network
|
medical_store_script_project
|
medical_store_script
|
PHP Scripts Mall Medical Store Script 3.0.3 allows Path Traversal by navigating to the parent directory of a jpg or png file.
|
CWE-22
Path Traversal
|
CVE-2019-9607
|
2024-11-21 13:51 |
2019-03-7 |