CVE-2006-3936

Alkacon OpenCms Exposes JSP Source Code in maven/org.opencms/opencms-core

Identifiers

GHSA-c5vw-342h-x5rx, CVE-2006-3936

Package Slug

maven/org.opencms/opencms-core

Vulnerability

Alkacon OpenCms Exposes JSP Source Code

Description

system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp.
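A log-review sketch for the request pattern described above, as an added example that is not part of the advisory or of OpenCms: it scans access-log lines for `editor.jsp` requests whose `resource` parameter names a JSP file. The combined log format, the `/opencms/opencms` URL prefix, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: Apache/Tomcat combined-style access log with the query string logged.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
EDITOR_SUFFIX = "/system/workplace/editors/editor.jsp"  # path named in the advisory


def find_jsp_source_reads(lines):
    """Return (client, resource, status) for each editor.jsp request whose
    'resource' parameter points at a .jsp file."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        client, target, status = m.groups()
        url = urlsplit(target)
        # Drop servlet path parameters such as ";jsessionid=..." before matching.
        path = url.path.split(";", 1)[0].lower()
        if not path.endswith(EDITOR_SUFFIX):
            continue
        # parse_qs percent-decodes values, so "%2Findex%2Ejsp" becomes "/index.jsp".
        for resource in parse_qs(url.query).get("resource", []):
            if resource.lower().endswith(".jsp"):
                hits.append((client, resource, int(status)))
    return hits


# Constructed sample lines (documentation IP range, hypothetical URL prefix).
EDITOR = "/opencms/opencms/system/workplace/editors/editor.jsp"
SAMPLE = [
    '192.0.2.10 - - [13/Feb/2024:10:00:01 +0000] "GET %s?resource=/index.jsp HTTP/1.1" 200 5120' % EDITOR,
    '192.0.2.10 - - [13/Feb/2024:10:00:09 +0000] "GET %s;jsessionid=ABC123?resource=%%2Findex%%2Ejsp HTTP/1.1" 200 5120' % EDITOR,
    '192.0.2.11 - - [13/Feb/2024:10:01:30 +0000] "GET %s?resource=/sites/default/news.html HTTP/1.1" 200 2048' % EDITOR,
    '192.0.2.12 - - [13/Feb/2024:10:02:00 +0000] "GET /opencms/opencms/index.jsp HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, resource, status in find_jsp_source_reads(SAMPLE):
        print(f"{client} requested editor.jsp with resource={resource} (HTTP {status})")
```

A hit is a lead for review rather than proof of misuse, and requests sent with POST carry the parameter in the body, so they will not appear in an access log.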

Affected Versions

All versions before 6.2.2

Solution

Upgrade to version 6.2.2 or above.

Last Modified

2024-02-13
