Command Execution Vulnerability in OFCMS before 1.1.3 via Template File

Command Execution Vulnerability in OFCMS before 1.1.3 via Template File

CVE-2019-9614 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

An issue was discovered in OFCMS before 1.1.3. A command execution vulnerability exists via a template file with '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("' followed by the command.

Learn more about our Cms Pen Testing.