14 matches found
EUVD-2019-16062
Malware in sbrugna...
CVE-2025-4260 zhangyanbo2007 youkefu TemplateController.java impsave deserialization
A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\web\handler\admin\system\TemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be...
CVE-2024-48235
OFCMS 1.1.2 is affected by a remote code execution vulnerability tied to the save method in TemplateController.java. This CVE (CVE-2024-48235) is documented across NVD and CVE records with consistent description: an attacker can trigger arbitrary code execution in OFCMS via that method. The avail...
CVE-2024-48235
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file...
CVE-2024-48235
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file...
CVE-2023-43856
Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java...
Design/Logic Flaw
Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java...
CVE-2023-43856
Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java...
CVE-2023-43856
Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java...
CVE-2023-43856
Dreamer CMS v4.1.3 is affected by an arbitrary file read vulnerability in the /admin/TemplateController.java component. The issue is documented across multiple sources (CVE-2023-43856) with a CVSS v3.1 base score of 7.5 (HIGH) and no user interaction required; attack vector is network with no pri...
CVE-2019-9611
An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content in the file_content parameter into an arbitrary file specified by the file_name parameter. This is related to the...
CVE-2019-9610
OFCMS prior to 1.1.3 is affected by a directory traversal in getTemplates.html exposed through admin/cms/template/getTemplates.html?res_path=res&up_dir=../, related to TemplateController.java. The vulnerability allows traversal of directories via the up_dir parameter, as described across CVE/comm...
CVE-2019-9611
An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content in the file_content parameter into an arbitrary file specified by the file_name parameter. This is related to the...
CVE-2019-6503
There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method...