2 matches found
Metasploit Wrap-Up
Confluence Server OGNL Injection Our own wvu along with Jang added a module that exploits an OGNL injection CVE-2021-26804in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. CVE-2021-26804 is a critical remote code execution vulnerability in Confluence Server and...
CVE-2021-26804
CVE-2021-26804 affects Centreon Web versions 19.10.18, 20.04.8, and 20.10.2. The issue stems from insecure permissions that allow a remote attacker to bypass validation by changing any file extension to ".gif" and uploading it via Administration/Parameters/Images, effectively enabling unauthorize...