
王傑

#20008 of 53,633
13 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2024-33046
6.5
2024-10-25
Ofcms · Ofcms · CVE-2024-48235
**Name of the Vulnerable Software and Affected Versions**
ofcms version 1.1.2

**Description**
An issue in the software allows a remote attacker to execute arbitrary code via the `save` method of the `TemplateController.java` file.

**Recommendations**
For ofcms version 1.1.2, consider disabling the `save` method of the `TemplateController.java` file as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-33047
6.5
2024-10-25
Ofcms · Ofcms · CVE-2024-48236
**Name of the Vulnerable Software and Affected Versions**
ofcms version 1.1.2

**Description**
The issue allows a remote attacker to execute arbitrary code via the `FileOutputStream` function in the `write` String method of the `FileUtils.java` file. This is located in the `ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle` directory.

**Recommendations**
For ofcms version 1.1.2, consider disabling the `FileOutputStream` function in the `write` String method of the `FileUtils.java` file as a temporary workaround until a patch is available. Restrict access to the `FileUtils.java` file to minimize the risk of exploitation.