PT-2019-19753 · Ofcms · Ofcms

Anonymous · Published 2019-03-06 · Updated 2021-07-21 · CVE-2019-9614

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OFCMS versions prior to 1.1.3

Description

A command execution issue exists in OFCMS. This issue can be exploited via a template file using the freemarker.template.utility.Execute function, allowing an attacker to execute arbitrary commands. The exploitation involves using the ${ ex("} syntax followed by the command.

Recommendations

For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to template files or disabling the use of the freemarker.template.utility.Execute function until a patch is applied. Avoid using the ex variable in template files to minimize the risk of exploitation.
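
One way to audit template files for the pattern described above, as an added example that is not part of the advisory or of OFCMS. It flags references to the FreeMarker utility classes that can be instantiated from a template, any use of the ?new built-in, and calls through a variable bound to such a class (the advisory's "ex"). The function name, rule names and sample templates are constructed for illustration.

```python
import re
import sys

# Utility classes that FreeMarker's "safer" class resolver refuses to
# instantiate from a template through the ?new built-in.
DANGEROUS_CLASSES = (
    "freemarker.template.utility.Execute",
    "freemarker.template.utility.ObjectConstructor",
    "freemarker.template.utility.JythonRuntime",
)
NEW_BUILTIN = re.compile(r"\?\s*new\b")
# <#assign name = "some.Class"?new ...> : capture variable and class name.
ASSIGN_NEW = re.compile(
    r"<#(?:assign|global|local)\s+(\w+)\s*=\s*[\"']([\w.$]+)[\"']\s*\?\s*new\b")

def audit_template(text):
    """Return (line_number, rule, detail) findings for one template's text."""
    findings, bound = [], set()
    for n, line in enumerate(text.splitlines(), 1):
        for cls in DANGEROUS_CLASSES:
            if cls in line:
                findings.append((n, "dangerous-class", cls))
        if NEW_BUILTIN.search(line):
            findings.append((n, "new-builtin", line.strip()))
        # Remember variables bound to a dangerous class (the advisory's "ex").
        for m in ASSIGN_NEW.finditer(line):
            if m.group(2) in DANGEROUS_CLASSES:
                bound.add(m.group(1))
        for var in sorted(bound):
            if re.search(r"(?<![\w.])" + re.escape(var) + r"\s*\(", line):
                findings.append((n, "call", var))
    return findings

# Constructed sample templates (not taken from OFCMS); the command is a placeholder.
SAMPLE_FLAGGED = '''<html>
<#assign ex = "freemarker.template.utility.Execute"?new()>
<p>${ ex("<command>") }</p>
</html>'''
SAMPLE_CLEAN = '''<html>
<#assign title = site.name?html>
<p>${title}</p>
</html>'''

if __name__ == "__main__":
    # With file arguments, audit those templates; otherwise the flagged sample.
    texts = {p: open(p, encoding="utf-8").read() for p in sys.argv[1:]}
    for name, text in (texts or {"SAMPLE_FLAGGED": SAMPLE_FLAGGED}).items():
        for n, rule, detail in audit_template(text):
            print(f"{name}:{n}: {rule}: {detail}")
```

An audit like this complements the upgrade to 1.1.3 and does not replace it. At runtime, FreeMarker can also be told to refuse these classes with Configuration.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER).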

Exploit

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2019-9614

Affected Products

Ofcms