2 matches found
OFCMS backend ueditor uploadScrawl file upload vulnerability
OFCMS is a content management system based on Java technology. A backend ueditor uploadScrawl file upload vulnerability exists in versions of OFCMS prior to 1.1.3. The vulnerability stems from the blocking of .jsp and .jspx files that fails to take into account the file.jsp::$DATA of the...
CVE-2019-9613
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadVideo URI...