OpenKM allows administrative users (those having the AdminRole) to run bean shell scripts. Due to this permission an attacker could lure an OpenKM administrator to a malicious web page that causes arbitrary OS commands to run in the administrators OpenKM session context.
CVE Link
Exploit Type - Old
Exploits/Client Side
Exploit Platform
Exploit Type
Product Name