CVE-2006-3936

N/A Unknown

Published: July 31, 2006 Modified: April 16, 2026

Description

system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/21193

Source: cve@mitre.org

Patch Vendor Advisory

http://securityreason.com/securityalert/1302

Source: cve@mitre.org

http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip

Source: cve@mitre.org

Patch

http://www.opencms.org/opencms/en/shownews.html?id=1002

Source: cve@mitre.org

Patch

http://www.securityfocus.com/archive/1/441182/100/0/threaded

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/28001

Source: cve@mitre.org

http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt