GHSA-36hf-6hp2-9g4c

Published: 12 Nov 2019
Source: github
Github: Reviewed
CVSS3: 4.3

Description

Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms

In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp.

Packages

Name: org.opencms:opencms-core
Ecosystem: maven
Affected versions: < 11.0.1
Fixed version: 11.0.1

EPSS

Percentile: 88%
Score: 0.04138 (Low)

CVSS3: 4.3 Medium

Weaknesses

CWE-200
CWE-22

Related vulnerabilities

CVSS3: 4.3
Source: nvd
Published: more than 6 years ago

In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp.
