CVE-2019-9616
The CVE-2019-9616 issue affects OFCMS prior to version 1.1.3. The vulnerability arises from blocking of .jsp and .jspx files not accounting for file.jsp::$DATA in the admin/ueditor/uploadScrawl URI, enabling a remote attacker to execute arbitrary code. Affected component: OFCMS backend upload han...