Alkacon OpenCms Exposes JSP Source Code

GHSA-c5vw-342h-x5rx · CVE-2006-3936

Published May 1, 2022 · Modified Feb 12, 2024

Description

system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2006-3936
WEB https://exchange.xforce.ibmcloud.com/vulnerabilities/28001
PACKAGE https://github.com/alkacon/opencms-core
WEB https://web.archive.org/web/20061014175017/http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt
WEB https://web.archive.org/web/20201208142708/http://www.securityfocus.com/archive/1/441182/100/0/threaded
WEB http://www.opencms.org/opencms/en/shownews.html?id=1002

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes