Local File Inclusion (LFI)

2019-08-2808:16:37

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.008 Low

EPSS

Percentile

82.1%

JSON

opencms-core is vulnerable to local file inclusion (LFI) vulnerability. It is possible because server resources such as: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp are accessible by the attacker through the management interface.

CPENameOperatorVersion
opencmsle10.5.4
opencmsle10.5.4

CPE	Name	Operator	Version
	opencms	le	10.5.4
	opencms	le	10.5.4

References

packetstormsecurity.com/files/154281/Alkacon-OpenCMS-10.5.x-Local-File-Inclusion.html

aetsu.github.io/OpenCms

github.com/alkacon/opencms-core/commit/13fc0b8c9a1d36b6541dd5a2debe15fb81de1f0f

github.com/alkacon/opencms-core/commits/branch_10_5_x

0.008 Low

EPSS

Percentile

82.1%

JSON

Related for VERACODE:21391