CVE-2019-13237
Published 2019-08-27
Priority P4 · 33 · medium · 4.3 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 7.35% (93.6th percentile)
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alkacon | opencms_apollo_template | — | — |
| alkacon | opencms_apollo_template | — | — |
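CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |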
GHSA
Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms
ghsa·2019-11-12
CVE-2019-13237 [MEDIUM] CWE-200 Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms
OSV
Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms
osv·2019-11-12
CVE-2019-13237 [MEDIUM] Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/154281/Alkacon-OpenCMS-10.5.x-Local-File-Inclusion.html
https://aetsu.github.io/OpenCms
https://github.com/alkacon/opencms-core/commits/branch_10_5_x