CVE-2006-3934 – org.opencms:opencms-core
Package
Manager: maven
Name: org.opencms:opencms-core
Vulnerable Version: >=0 <6.2.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
EPSS: 0.00435 (percentile: 0.62032)
Details
Alkacon OpenCMS Absolute Path Traversal via pathname in filePath parameter
Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.
Metadata
Created: 2022-05-01T07:13:43Z
Modified: 2025-06-20T15:23:26Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-64hc-4jx3-62jp/GHSA-64hc-4jx3-62jp.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-64hc-4jx3-62jp
Finding: F063
Auto approve: 1