OpenKM Community Edition
Monthly
Remote code execution in OpenKM Community Edition (≤6.3.12) and Professional Edition (≤7.1.47) allows authenticated administrators to execute arbitrary Java/BeanShell code via the /admin/Scripting endpoint using the action=Evaluate parameter. Publicly available exploit code exists (Exploit-DB 52520 and a Nuclei template from Terra System Labs), though no active exploitation has been confirmed in CISA KEV; EPSS sits at 0.42% (62nd percentile), reflecting moderate-but-not-widespread interest.
Authenticated SQL injection in OpenKM Community Edition (≤6.3.12) and Professional Edition (≤7.1.47) lets administrative users execute arbitrary SQL against the application database through the /admin/DatabaseQuery endpoint's qs parameter. Publicly available exploit code exists (Exploit-DB 52520 and a Nuclei template from Terra System Labs), enabling dumping of password hashes from OKM_USER, permission tampering, and data destruction. EPSS is very low (0.03%) and the bug requires high privileges (PR:H), so real-world risk is bounded but meaningful for any internet-facing OpenKM instance with weak admin credentials.
Path traversal in OpenKM's administrative scripting interface exposes arbitrary server-side files to authenticated administrators who supply attacker-controlled paths via the fsPath parameter at /admin/Scripting with action=Load. Both the Community Edition (≤6.3.12) and Professional Edition (≤7.1.47) are affected, enabling exfiltration of /etc/passwd, database credential files, and JVM keystores accessible to the OpenKM process. No CISA KEV entry was identified at the time of analysis, but publicly available exploit code exists via Exploit-DB (52520) and Terra System Labs' GitHub repository, raising the realistic risk for environments where admin credentials are shared, weak, or previously compromised.
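All three issues above share the same shape: an authenticated administrator reaches a specific /admin endpoint with a specific parameter combination. That makes them easy to hunt for in web-server access logs and easy to triage against the affected-version ranges. The script below is an added example written for this page, not code from OpenKM, Exploit-DB, or Terra System Labs. It assumes Apache/Nginx combined log format, that the OpenKM context path ends in the advisory endpoints (e.g. /OpenKM/admin/Scripting), and that the request parameters appear in the query string; the log lines are constructed, as are the user names and IP addresses.

```python
"""Flag access-log requests to the OpenKM admin endpoints named in the
advisories (scripting Evaluate, scripting Load with fsPath, DatabaseQuery qs)
and check whether a reported version falls in the affected range.
Added example for this page; not OpenKM code. Log lines below are constructed."""
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint suffix plus required query parameters, taken from the advisories.
# A value of None means "parameter must be present, any value".
SUSPECT_PATTERNS = {
    "scripting-evaluate": ("/admin/Scripting", {"action": "Evaluate"}),
    "scripting-load":     ("/admin/Scripting", {"action": "Load", "fsPath": None}),
    "database-query":     ("/admin/DatabaseQuery", {"qs": None}),
}

# Last affected version per edition, from the advisories.
LAST_AFFECTED = {"community": (6, 3, 12), "professional": (7, 1, 47)}

# Combined log format: ip - user [timestamp] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def classify_request(target):
    """Return the advisory pattern name a request target matches, or None."""
    parts = urlsplit(target)
    query = parse_qs(parts.query)
    for name, (path_suffix, params) in SUSPECT_PATTERNS.items():
        # endswith() tolerates a deployment context path such as /OpenKM
        if not parts.path.endswith(path_suffix):
            continue
        matched = all(
            key in query and (value is None or value in query[key])
            for key, value in params.items()
        )
        if matched:
            return name
    return None


def scan_log(lines):
    """Parse log lines and return one record per request hitting a pattern."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        name = classify_request(m["target"])
        if name:
            hits.append({"pattern": name, "ip": m["ip"],
                         "user": m["user"], "status": m["status"]})
    return hits


def is_affected(edition, version):
    """True if a dotted version is at or below the last affected release."""
    parsed = tuple(int(x) for x in version.split("."))
    return parsed <= LAST_AFFECTED[edition.lower()]


# Constructed sample log: three requests matching the advisories, two benign.
SAMPLE_LOG = [
    '10.0.0.5 - okmAdmin [03/Mar/2025:10:12:01 +0000] "GET /OpenKM/admin/Scripting?action=Evaluate&script=test HTTP/1.1" 200 512',
    '10.0.0.5 - okmAdmin [03/Mar/2025:10:12:09 +0000] "GET /OpenKM/admin/Scripting?action=Load&fsPath=/etc/passwd HTTP/1.1" 200 1820',
    '10.0.0.7 - okmAdmin [03/Mar/2025:10:13:44 +0000] "GET /OpenKM/admin/DatabaseQuery?qs=select+1 HTTP/1.1" 200 900',
    '10.0.0.9 - jdoe [03/Mar/2025:10:14:00 +0000] "GET /OpenKM/frontend/index.jsp HTTP/1.1" 200 4100',
    '10.0.0.9 - jdoe [03/Mar/2025:10:14:30 +0000] "GET /OpenKM/admin/Scripting HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['pattern']:20} user={hit['user']} ip={hit['ip']} status={hit['status']}")
    print("CE 6.3.12 affected:", is_affected("community", "6.3.12"))
    print("PE 7.2.0 affected:", is_affected("professional", "7.2.0"))
```

Two caveats when using this against real logs: the scripting and database endpoints are typically driven by form POSTs, whose parameters are not in the request line, so this query-string check only catches GET-style use unless the application or a reverse proxy logs request bodies; and a hit by a legitimate administrator is expected on an instance where the console is in normal use, so the value is in correlating hits with the source IP, time of day, and whether the user is one you expect to run scripts or raw SQL.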