4 matches found
CVE-2024-48236
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\FileUtils.java file.
CVE-2024-48235
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file.
CVE-2022-29653
OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.
CVE-2019-9611
An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, with ../ in the dir parameter, to write arbitrary content (in the file_content parameter) into an arbitrary file (specified by the file_name parameter). This is related to...