CVE-2019-13237

Name of the Vulnerable Software and Affected Versions Alkacon OpenCms versions 10.5.4 through 10.5.5

Description The issue affects multiple resources, making them vulnerable to Local File Inclusion. This allows an attacker to access server resources, including clearhistory.jsp, convertxml.jsp, group new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp.

Recommendations For versions 10.5.4 and 10.5.5, restrict access to the vulnerable resources clearhistory.jsp, convertxml.jsp, group new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.