[MAVEN:GHSA-36HF-6HP2-9G4C] Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms
Severity: Moderate
Affected Packages: 1
Fixed Packages: 1
CVEs: 1
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp.
Package | Affected Version |
---|---|
pkg:maven/org.opencms/opencms-core | < 11.0.1 |
Package | Fixed Version |
---|---|
pkg:maven/org.opencms/opencms-core | = 11.0.1 |
- ID: MAVEN:GHSA-36HF-6HP2-9G4C
- Severity: moderate
- URL: https://github.com/advisories/GHSA-36hf-6hp2-9g4c
- Published: 2019-11-12T22:58:14 (4 years ago)
- Modified: 2023-02-01T05:02:39 (19 months ago)
- Rights: Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.opencms/opencms-core | org.opencms | opencms-core | < 11.0.1 | | | |
Fixed | pkg:maven/org.opencms/opencms-core | org.opencms | opencms-core | = 11.0.1 | | | |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Publication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|