Vulnerability Details CVE-2019-11445
OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Filesystem path control in the admin's Export field. As a result, attackers can gain remote code execution through the application server with root privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.241
EPSS Ranking 95.8%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 9.0
References
Products affected by CVE-2019-11445
-
cpe:2.3:a:openkm:openkm:5.1.7
-
cpe:2.3:a:openkm:openkm:5.1.8
-
cpe:2.3:a:openkm:openkm:6.3.2
-
cpe:2.3:a:openkm:openkm:6.3.3
-
cpe:2.3:a:openkm:openkm:6.3.4
-
cpe:2.3:a:openkm:openkm:6.3.5
-
cpe:2.3:a:openkm:openkm:6.3.6