OpenCMS versions 6.2.1, 6.2, 6.0.3, and 6.0.4 are vulnerable to multiple access control and input validation vulnerabilities. Other versions may be vulnerable as well. Authenticated users can perform attacks allow arbitrary file access, viewing the source of JSP files, the uploading of malicious files, and more.