An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco.
Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!
More Stories
Lazarus Hits Defense Firms with ThreatNeedle Malware
Executive Order Focuses on Supply Chain Risk Management
6,000 VMware vCenter Devices Vulnerable to Remote Attacks