Ofcms Project >> Ofcms >> 1.1.2 Security Vulnerabilities

An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("' followed by the command.
CVSS Score: 8.8, EPSS Score: 0.032, Published: 2019-03-06

An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java.
CVSS Score: 7.2, EPSS Score: 0.003, Published: 2019-03-06

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadScrawl URI.
CVSS Score: 7.2, EPSS Score: 0.023, Published: 2019-03-06

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadFile URI.
CVSS Score: 8.8, EPSS Score: 0.022, Published: 2019-03-06

