Lucene search
K

163 matches found

NVD
NVD
added 2019/03/06 10:29 p.m.46 views

CVE-2019-9615

An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java...

7.2CVSS7.2AI score0.01298EPSS
Exploits1References1
OSV
OSV
added 2019/03/06 10:29 p.m.4 views

CVE-2019-9610

An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?respath=res&updir=../ directory traversal, related to the getTemplates function in TemplateController.java...

4.3CVSS5.8AI score0.01362EPSS
Exploits1References1
OSV
OSV
added 2019/03/06 10:29 p.m.0 views

CVE-2019-9614

An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with ' $ ex"' followed by the command...

8.8CVSS7.4AI score
Exploits0References1
NVD
NVD
added 2019/03/06 10:29 p.m.12 views

CVE-2019-9614

An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with ' $ ex"' followed by the command...

8.8CVSS8.7AI score0.0257EPSS
Exploits1References1
NVD
NVD
added 2019/03/06 10:29 p.m.15 views

CVE-2019-9612

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/comn/service/upload URI...

8.8CVSS9AI score0.02695EPSS
Exploits1References1
NVD
NVD
added 2019/03/06 10:29 p.m.19 views

CVE-2019-9608

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadImage URI...

8.8CVSS9AI score0.02695EPSS
Exploits1References1
NVD
NVD
added 2019/03/06 10:29 p.m.15 views

CVE-2019-9613

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadVideo URI...

7.2CVSS7.4AI score0.02708EPSS
Exploits1References1
Prion
Prion
added 2019/03/06 10:29 p.m.9 views

Directory traversal

An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?respath=res&updir=../ directory traversal, related to the getTemplates function in TemplateController.java...

4CVSS4.7AI score0.01362EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/03/06 10:29 p.m.3 views

CVE-2019-9609

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/comn/service/editUploadImage URI...

8.8CVSS7.6AI score0.02695EPSS
Exploits1References1
NVD
NVD
added 2019/03/06 10:29 p.m.16 views

CVE-2019-9616

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadScrawl URI...

7.2CVSS7.4AI score0.02708EPSS
Exploits1References1
OSV
OSV
added 2019/03/06 10:29 p.m.3 views

CVE-2019-9615

An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java...

7.2CVSS7.1AI score0.01298EPSS
Exploits1References1
Prion
Prion
added 2019/03/06 10:29 p.m.12 views

Sql injection

An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java...

6.5CVSS7.1AI score0.01298EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/03/06 10:29 p.m.16 views

CVE-2019-9611

An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?respath=res directory traversal, with ../ in the dir parameter, to write arbitrary content in the filecontent parameter into an arbitrary file specified by the filename parameter. This is related to the...

6.5CVSS6.5AI score0.01441EPSS
Exploits1References1
Prion
Prion
added 2019/03/06 10:29 p.m.11 views

Code injection

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/comn/service/upload URI...

6.5CVSS9AI score0.02695EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/03/06 10:29 p.m.9 views

CVE-2019-9610

An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?respath=res&updir=../ directory traversal, related to the getTemplates function in TemplateController.java...

4.3CVSS4.6AI score0.01362EPSS
Exploits1References1
Prion
Prion
added 2019/03/06 10:29 p.m.11 views

Command injection

An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with ' $ ex"' followed by the command...

6.5CVSS8.6AI score0.0257EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/03/06 10:29 p.m.11 views

Code injection

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadImage URI...

6.5CVSS9AI score0.02695EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/03/06 10:29 p.m.14 views

Code injection

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/comn/service/editUploadImage URI...

6.5CVSS9AI score0.02695EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2019/03/06 10:29 p.m.11 views

Code injection

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadScrawl URI...

6.5CVSS7.4AI score0.02708EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/03/06 10:29 p.m.13 views

CVE-2019-9617

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadFile URI...

8.8CVSS9AI score0.02749EPSS
Exploits1References1
Rows per page
Query Builder