opencms-core is vulnerable to local file inclusion (LFI) vulnerability. It is possible because server resources such as: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp are accessible by the attacker through the management interface.