ofcms project ofcms

20 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-1557
all versions
A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an unknown function. The manipulation
4.3 MEDIUM
CVE-2024-48236
all versions
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String m
6.5 MEDIUM
CVE-2024-48235
all versions
An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file
6.5 MEDIUM
CVE-2024-9411
all versions
A vulnerability classified as problematic has been found in OFCMS 1.1.2. This affects the function add of the file /admin/system/d
3.5 LOW
CVE-2024-34256
all versions
OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function.
9.8 CRITICAL
CVE-2023-51807
all versions
Cross Site Scripting vulnerability in OFCMS v.1.14 allows a remote attacker to obtain sensitive information via a crafted payload
5.4 MEDIUM
CVE-2023-24760
all versions
An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController.
8.8 HIGH
CVE-2022-29653
all versions
OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.jso
6.1 MEDIUM
CVE-2022-27961
all versions
A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web script
5.4 MEDIUM
CVE-2022-27960
all versions
Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and
5.4 MEDIUM
CVE-2019-9617
< 1.1.3
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx file
8.8 HIGH
CVE-2019-9616
< 1.1.3
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx file
7.2 HIGH
CVE-2019-9615
< 1.1.3
An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerat
7.2 HIGH
CVE-2019-9614
< 1.1.3
An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex="fre
8.8 HIGH
CVE-2019-9613
< 1.1.3
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx file
7.2 HIGH
CVE-2019-9612
< 1.1.3
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx file
8.8 HIGH
CVE-2019-9611
< 1.1.3
An issue was discovered in OFCMS before 1.1.3. It allows admin/cms/template/getTemplates.html?res_path=res directory traversal, wi
6.5 MEDIUM
CVE-2019-9610
< 1.1.3
An issue was discovered in OFCMS before 1.1.3. It has admin/cms/template/getTemplates.html?res_path=res&up_dir=../ directory trave
4.3 MEDIUM
CVE-2019-9609
< 1.1.3
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx file
8.8 HIGH
CVE-2019-9608
< 1.1.3
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx file
8.8 HIGH
threatengine.sh