Ofcms Project: Ofcms 1.1.2 Security Vulnerabilities
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file.
CVSS Score
6.5
EPSS Score
0.005
Published
2024-10-25
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\FileUtils.java file.
CVSS Score
6.5
EPSS Score
0.005
Published
2024-10-25
A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/dict/add.json?sqlid=system.dict.save. The manipulation of the argument dict_value leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
3.5
EPSS Score
0.001
Published
2024-10-01
OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function.
CVSS Score
9.8
EPSS Score
0.004
Published
2024-05-14
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI.
CVSS Score
8.8
EPSS Score
0.022
Published
2019-03-06
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/editUploadImage URI.
CVSS Score
8.8
EPSS Score
0.022
Published
2019-03-06
An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory traversal, related to the getTemplates function in TemplateController.java.
CVSS Score
4.3
EPSS Score
0.001
Published
2019-03-06
An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content (in the file_content parameter) into an arbitrary file (specified by the file_name parameter). This is related to the save function in TemplateController.java.
CVSS Score
6.5
EPSS Score
0.004
Published
2019-03-06
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/upload URI.
CVSS Score
8.8
EPSS Score
0.022
Published
2019-03-06
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadVideo URI.
CVSS Score
7.2
EPSS Score
0.023
Published
2019-03-06