CVE-2006-3936
Description
system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
0.496
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2006-3936 are fixed in Opencms-opencms-core 6.2.2 | Windows |
| Vulnerabilities CVE-2006-3936,CVE-2006-3935,CVE-2006-3934,CVE-2006-3933 are fixed in Opencms-opencms-core 6.2.2 | Windows |
| Vulnerabilities CVE-2006-3936 are fixed in Opencms-opencms-core for Linux 6.2.2 | Linux |
| Vulnerabilities CVE-2006-3936,CVE-2006-3935,CVE-2006-3934,CVE-2006-3933 are fixed in Opencms-opencms-core for Linux 6.2.2 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234