Fumiao OpenCMS Path Traversal Vulnerability in DataPage.jsp

Vulnerability

A path traversal vulnerability has been identified in Fumiao OpenCMS versions up to commit a0fafa5cff58719e9b27c2a2eec204cc165ce14f. The issue arises from an unknown function in the file dataPage.jsp, located in the opencms-dev/src/main/webapp/view/admin/document/ directory. The vulnerability allows remote attackers to manipulate the 'path' argument, potentially leading to arbitrary file read.

Impact

Exploitation of this vulnerability allows for arbitrary file read, which could lead to the disclosure of sensitive information.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.3

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.3

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fumiao OpenCMS Path Traversal Vulnerability in DataPage.jsp

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating