Code injection

2019-05-0816:29:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.8%

JSON

Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.

CPENameOperatorVersion
opencmsle10.5.4

CPE	Name	Operator	Version
	opencms	le	10.5.4

References

github.com/alkacon/opencms-core/issues/636

www.openwall.com/lists/oss-security/2019/05/05/2