32 matches found
CVE-2023-43856
Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java...
EUVD-2019-18981
Malware in sbrugna...
EUVD-2019-18982
Malware in sbrugna...
CVE-2024-12350
A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command...
CVE-2019-9611
An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?respath=res directory traversal, with ../ in the dir parameter, to write arbitrary content in the filecontent parameter into an arbitrary file specified by the filename parameter. This is related to the...
CVE-2019-9610
An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?respath=resdir=../ directory traversal, related to the getTemplates function in TemplateController.java...
CVE-2019-6503
There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method...
CVE-2025-4260 zhangyanbo2007 youkefu TemplateController.java impsave deserialization
A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\web\handler\admin\system\TemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be...
CVE-2025-4260
CVE-2025-4260 affects youkefu by zhangyanbo2007 up to version 4.2.0. The vulnerability is in the function impsave of TemplateController.java (path m/web/handler/admin/system/TemplateController.java). The issue arises from manipulating the argument dataFile, which leads to a deserialization vulner...
CVE-2025-25784
An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file...
CVE-2024-12350 JFinalCMS Template TemplateController.java update command injection
A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command...
CVE-2024-48235
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file...
OFSoft OFCMS Security Vulnerability
OFSoft OFCMS is a content management system (CMS) developed in Java by China Zhongtian Network OFSoft. A security vulnerability exists in OFSoft OFCMS version 1.1.2. An attacker can exploit this vulnerability to execute arbitrary code via the save method of the TemplateController.java file...
CVE-2024-8694 JFinalCMS com.cms.controller.admin.TemplateController update path traversal
A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. It is...
Dreamer CMS Security Vulnerability
Dreamer CMS is a dreamer content management system by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS version v4.1.3, which originates from an arbitrary file read vulnerability in the /admin/TemplateController.java component...
PT-2023-29012 · Unknown · Dreamer Cms
Name of the Vulnerable Software and Affected Versions: Dreamer CMS version 4.1.3. Description: The issue is related to an arbitrary file read vulnerability. It affects the component /admin/TemplateController.java. Recommendations: For Dreamer CMS version 4.1.3, consider restricting access to the...
ZrLog Directory Traversal Vulnerability
ZrLog is a blogging system developed using the Java language. A directory traversal vulnerability exists in ZrLog version 2.1.15, which stems from a lack of validity checking of paths in the admin.api.TemplateController deletion function when processing directory requests, and can be exploited by...
CVE-2020-27514
Directory traversal vulnerability in the delete function in admin.api.TemplateController in ZrLog version 2.1.15 allows remote attackers to delete arbitrary files and cause a denial of service (DoS)...