- Apache Struts2 is a web framework for creating Java web applications. It uses the OpenSymphony XWork and OGNL libraries. By default, XWork's ParametersInterceptor treats parameter names provided to actions as OGNL expressions. An OGNL (Object Graph Navigation Language) expression is written in a limited, Java-like language that the OGNL parser tokenizes and parses, invoking the appropriate Java methods. Under certain circumstances it is possible to send custom OGNL statements and execute malicious Java code.
- Upgrade to Struts version 126.96.36.199
- WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3)
- WordPress Plugin NextGEN Gallery-WordPress Gallery Remote Code Execution (2.1.59)
- PHP 4.3.0 file disclosure and possible code execution
- WordPress Plugin UpdraftPlus Backup and Restoration Security Bypass (1.9.50)
- WordPress Plugin MailUp newsletter sign-up form Security Bypass (1.3.2)
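
Because ParametersInterceptor evaluates parameter names as OGNL, as described above, one detection approach is to flag logged requests whose parameter names are anything other than a plain property path. The following is an added example, not code from Struts or from this advisory; the allowlist pattern, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed allowlist (not Struts' own pattern): a plain property path such as
# user.name, items[0] or map['key']; navigation only, no other OGNL syntax.
SAFE_NAME = re.compile(
    r"[A-Za-z_]\w*(?:\.[A-Za-z_]\w*|\[\d+\]|\['\w+'\])*", re.ASCII)

# Pulls the request target out of a common/combined-format access log line.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_param_names(target):
    """Return decoded query parameter names that are not plain property paths."""
    query = urlsplit(target).query
    # parse_qsl percent-decodes names, so encoded metacharacters are seen too.
    names = [name for name, _ in parse_qsl(query, keep_blank_values=True)]
    return [n for n in names if not SAFE_NAME.fullmatch(n)]

def scan(lines):
    """Return (line_number, [names]) for each log line with a flagged name."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line this pattern can parse
        flagged = suspicious_param_names(match.group("target"))
        if flagged:
            findings.append((number, flagged))
    return findings

# Constructed sample log lines (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /app/save.action?user.name=alice&items[0]=3 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /app/save.action?%23ctx%5B%27x%27%5D=1 HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /app/save.action?foo(1)=1&page=2 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, names in scan(SAMPLE_LOG):
        print(f"line {number}: non-property parameter names {names}")
```

Access logs normally record only the query string, so parameter names sent in a POST body need the same check applied at a proxy or filter that can see the body.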