You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Command_Injection issue exists @ riches/pages/content/oper/Admin.jsp in branch master
The application's sendMail method calls an OS (shell) command with exec, at line 66 of riches\WEB-INF\src\java\com\fortify\samples\riches\oper\SendMessage.java, using an untrusted string with the command to execute.
This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack.
The attacker may be able to inject the executed command via user input, name_, which is retrieved by the application in the rows="12"/></td> method, at line 30 of riches\pages\content\oper\Admin.jsp.
Command_Injection issue exists @ riches/pages/content/oper/Admin.jsp in branch master
The application's sendMail method calls an OS (shell) command with exec, at line 66 of riches\WEB-INF\src\java\com\fortify\samples\riches\oper\SendMessage.java, using an untrusted string with the command to execute.
This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack.
The attacker may be able to inject the executed command via user input, name_, which is retrieved by the application in the rows="12"/></td> method, at line 30 of riches\pages\content\oper\Admin.jsp.
Severity: High
CWE:77
Vulnerability details and guidance
Internal Guidance
Checkmarx
Lines: 30
Code (Line #30):
The text was updated successfully, but these errors were encountered: