32 matches found
JIZHICMS Code Issue Vulnerability
Extreme Networks Technology JIZHICMS (Extreme CMS) is an open source content management system (CMS) from China's Extreme Networks Technology Company. A code issue vulnerability exists in JIZHICMS version 2.4.5, which stems from a problem with the file TemplateController.php, where manipulation of th...
CVE-2022-31390
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php...
CVE-2019-9610
An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?respath=res&updir=../ directory traversal, related to the getTemplates function in TemplateController.java...
Directory traversal
An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?respath=res&updir=../ directory traversal, related to the getTemplates function in TemplateController.java...
Directory traversal
An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?respath=res directory traversal, with ../ in the dir parameter, to write arbitrary content in the filecontent parameter into an arbitrary file specified by the filename parameter. This is related to the...
CVE-2019-9611
CVE-2019-9611 affects OFCMS prior to 1.1.3. The issue enables a directory traversal via the admin/cms/template/getTemplates.html?res_path=res parameter, allowing ../ in dir to write arbitrary content (file_content) to an arbitrary file (file_name). Root cause: save function in TemplateController....
CVE-2019-6503
There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method...
Deserialization of untrusted data
There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method...
Cross-site Scripting (XSS)
craftcms/cms is vulnerable to cross-site scripting (XSS) attacks. The library does not restrict direct access to the TemplateController, allowing a malicious user to inject and execute arbitrary web script...