Description
- A possible Remote Code Execution attack when using an unintentional expression in Freemarker tag instead of string literals.
Remediation
- Upgrade to Struts 2.5.12 or Struts 2.3.34
References
Severity
Classification
Tags
Related Vulnerabilities
- WordPress Plugin VaultPress Man-in-The-Middle (MiTM) Remote Code Execution (1.8.6)
- Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.0)
- phpThumb() fltr[] parameter command injection vulnerability
- Drupal Remote Code Execution (SA-CORE-2018-002)
- Ektron CMS unauthenticated code execution and Local File Read