|
218211
|
8.8 |
HIGH
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/uedito…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9617
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218212
|
7.2 |
HIGH
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/uedito…
|
CWE-706
Use of Incorrectly-Resolved Name or Reference
|
CVE-2019-9616
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218213
|
7.2 |
HIGH
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java.
|
CWE-89
SQL Injection
|
CVE-2019-9615
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218214
|
8.8 |
HIGH
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("' followed by the com…
|
CWE-74
Injection
|
CVE-2019-9614
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218215
|
7.2 |
HIGH
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/uedito…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9613
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218216
|
8.8 |
HIGH
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/s…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9612
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218217
|
6.5 |
MEDIUM
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content (in the file_…
|
CWE-22
Path Traversal
|
CVE-2019-9611
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218218
|
4.3 |
MEDIUM
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal, related to the getTemplates function in TemplateController.java.
|
CWE-22
Path Traversal
|
CVE-2019-9610
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218219
|
8.8 |
HIGH
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/s…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9609
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218220
|
8.8 |
HIGH
Network
|
ofcms_project
|
ofcms
|
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/uedito…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2019-9608
|
2024-11-21 13:51 |
2019-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
