Security Advisory

CVE-2019-9616

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-03-06 22:00:00

Last updated 2024-09-16 16:38:04

Assigner mitre

State PUBLISHED

Description

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadScrawl URI.

← Browse all CVEs View on cve.org ↗