High severity7.2OSV Advisory· Published Apr 22, 2019· Updated Jun 17, 2026
CVE-2019-11445
CVE-2019-11445
Description
OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Filesystem path control in the admin's Export field. As a result, attackers can gain remote code execution through the application server with root privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: v6.3.3, v6.3.5, v6.3.6
Patches
Vulnerability mechanics
References
2- pentest.com.tr/exploits/OpenKM-DM-6-3-7-Remote-Command-Execution-Metasploit.htmlnvdExploitThird Party Advisory
- www.exploit-db.com/exploits/46526nvdExploitThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.