4 matches found
Apache OFBiz嵌套表达式任意UEL执行漏洞
Bugtraq ID:61369 CVE ID:CVE-2013-2250 Apache OFBiz是一款开源的ERP系统 Apache OFBiz没有正确校验参数值,如果提供的参数包含JUEL元字符,可导致执行任意统一表达式语言UEL函数 0 Apache OFBiz 10.04.01 - 10.04.05 Apache OFBiz 11.04.01 - 11.04.02 Apache OFBiz 12.04.01 厂商解决方案 Apache OFBiz 10.04.06, 11.04.03或12.04.02已经修复此漏洞,建议用户下载更新: http://ofbiz.apache.o...
CVE-2013-2250
Apache OFBiz is affected by CVE-2013-2250 due to improper validation of parameters containing JUEL metacharacters, allowing a remote attacker to trigger nested UEL expressions and execute arbitrary UEL functions. Impact is remote code execution with unauthenticated access. Affected versions: OFBi...
CVE-2013-2250
Apache Open For Business Project aka OFBiz 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language UEL functions via JUEL metacharacters in unspecified parameters, related to nested expressions...
[CVE-2013-2250] Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz
CVE-2013-2250 - Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz Vendor: The Apache Software Foundation Versions Affected: Apache OFBiz 10.04.01 to 10.04.05 Apache OFBiz 11.04.01 to 11.04.02 Apache OFBiz 12.04.01 Description: Parameter valu...