2 matches found
CVE-2019-9612
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/comn/service/upload URI...
CVE-2019-9612
CVE-2019-9612 affects OFCMS before 1.1.3. The issue arises in the backend file upload handling: blocking of .jsp/.jspx files fails to consider file.jsp::$DATA within the admin/comn/service/upload URI, enabling remote attackers to execute arbitrary code. This is a remote code execution vulnerabili...