| शीर्षक | CodeLibs Fess 15.5.1 Arbitrary File Write |
|---|
| विवरण | The update() method in AdminDesignAction writes user-supplied content directly to a JSP file on disk after passing it through decodeJsp(). The filter only escapes <% %> scriptlet tags and <%= %> expression tags — JSP EL expressions (${}) are not touched at all. An attacker with the admin-design role can inject JSP EL expressions into content. EL expressions are evaluated by the JSP/Servlet container at render time and can invoke arbitrary Java methods, achieving Remote Code Execution. |
|---|
| स्रोत | ⚠️ https://bv3acdnplbr.feishu.cn/docx/Kk1tdEAfAoV6kZxVozUc8UA4nog?from=from_copylink |
|---|
| उपयोगकर्ता | R1ckyZ (UID 92331) |
|---|
| सबमिशन | 14/04/2026 10:51 AM (2 महीनों पहले) |
|---|
| संयम | 09/05/2026 08:09 AM (25 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 362419 [codelibs Fess तक 15.5.1 JSP File AdminDesignAction.java update content अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|