إرسال #804293: CodeLibs Fess 15.5.1 Arbitrary File Writeالمعلومات

عنوان	CodeLibs Fess 15.5.1 Arbitrary File Write
الوصف	The update() method in AdminDesignAction writes user-supplied content directly to a JSP file on disk after passing it through decodeJsp(). The filter only escapes <% %> scriptlet tags and <%= %> expression tags — JSP EL expressions (${}) are not touched at all. An attacker with the admin-design role can inject JSP EL expressions into content. EL expressions are evaluated by the JSP/Servlet container at render time and can invoke arbitrary Java methods, achieving Remote Code Execution.
المصدر	⚠️ https://bv3acdnplbr.feishu.cn/docx/Kk1tdEAfAoV6kZxVozUc8UA4nog?from=from_copylink
المستخدم	R1ckyZ (UID 92331)
ارسال	14/04/2026 10:51 AM (2 أشهر منذ)
الاعتدال	09/05/2026 08:09 AM (25 days later)
الحالة	تمت الموافقة
إدخال VulDB	362419 [codelibs Fess حتى 15.5.1 JSP File AdminDesignAction.java update content تجاوز الصلاحيات]
النقاط	20

Interested in the pricing of exploits?

See the underground prices here!