Enviar #804293: CodeLibs Fess 15.5.1 Arbitrary File Write
| Título | CodeLibs Fess 15.5.1 Arbitrary File Write |
|---|---|
| Descripción | The update() method in AdminDesignAction writes user-supplied content directly to a JSP file on disk after passing it through decodeJsp(). The filter only escapes <% %> scriptlet tags and <%= %> expression tags — JSP EL expressions (${}) are not touched at all. An attacker with the admin-design role can inject JSP EL expressions into content. EL expressions are evaluated by the JSP/Servlet container at render time and can invoke arbitrary Java methods, achieving Remote Code Execution. |
| Fuente | ⚠️ https:/ |
| Usuario | R1ckyZ (UID 92331) |
| Sumisión | 2026-04-14 10:51 (hace 2 meses) |
| Moderación | 2026-05-09 08:09 (25 days later) |
| Estado | Aceptado |
| Entrada de VulDB | 362419 [codelibs Fess hasta 15.5.1 JSP File AdminDesignAction.java update content escalada de privilegios] |
| Puntos | 20 |