Vulnerability CVE-2020-26565


Published: 2021-07-31

Description:
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data.

See advisories in our WLB2 database:
Topic
Author
Date
Low
ObjectPlanet Opinio 7.13 Expression Language Injection
Daniel Tan
01.08.2021

 References:
https://packetstormsecurity.com/files/163708/ObjectPlanet-Opinio-7.13-Expression-Language-Injection.html
https://www.objectplanet.com/opinio/changelog.html

Copyright 2021, cxsecurity.com

 

Back to Top