OpenKM scripting Command Injection Exploit

OpenKM allows administrative users (those having the AdminRole) to run bean shell scripts. Due to this permission an attacker could lure an OpenKM administrator to a malicious web page that causes arbitrary OS commands to run in the administrators OpenKM session context.
Exploit type: 
Platform: 
Vulnerabilty ID: 
NOCVE-9999-51465
Product Version: 
12.3
Released Date: 
Tuesday, May 15, 2012 - 00:00