CX Command_Injection @ riches/pages/content/oper/Admin.jsp [master] #314
Comments
|
Issue still exists. |
|
Issue still exists. |
2 similar comments
|
Issue still exists. |
|
Issue still exists. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Command_Injection issue exists @ riches/pages/content/oper/Admin.jsp in branch master
The application's sendMail method calls an OS (shell) command with exec, at line 66 of riches\WEB-INF\src\java\com\checkmarx\samples\riches\oper\SendMessage.java, using an untrusted string with the command to execute.
This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack.
The attacker may be able to inject the executed command via user input, name_, which is retrieved by the application in the rows="12"/></td> method, at line 30 of riches\pages\content\oper\Admin.jsp.
Severity: High
CWE:77
Vulnerability details and guidance
Internal Guidance
Checkmarx
Lines: 30
Code (Line #30):
The text was updated successfully, but these errors were encountered: