In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp.
CPE | Name | Operator | Version |
---|---|---|---|
opencms_apollo_template | eq | 10.5.4 | |
opencms_apollo_template | eq | 10.5.5 |