CVE-2019-9608

2022-10-0316:19:40

mitre

www.cve.org

ofcms

remote code execution

arbitrary code

9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.0%

JSON

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI.

References

www.seebug.org/vuldb/ssvid-97832