Remote Code Execution Vulnerability in ofcms by Ofsoft
CVE-2024-48236

6.5MEDIUM

Key Information:

Vendor: Ofsoft
Status: ofcms
Vendor: CVE Published:; 25 October 2024

What is CVE-2024-48236?

An issue in ofcms version 1.1.2 allows remote attackers to execute arbitrary code by leveraging a flaw in the FileOutputStream function within the write String method of FileUtils.java. This vulnerability highlights a significant security risk that can be exploited to manipulate or control affected systems, making it crucial for users to update to a secure version promptly. For more information, please visit the reference link.

References

https://gitee.com/oufu/ofcms/issues/IASIBT

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 25, 2024
Vulnerability Reserved
Oct 8, 2024

CVE-2024-48236 Data

JSON