3 matches found
The vulnerability of SpagoBI’s web interface for automating business processes allows a perpetrator to execute arbitrary code.
The vulnerability of SpagoBI’s web interface for automating business processes is related to the failure to take measures to neutralize special elements used in the command input field. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting a specially craft...
PT-2022-8909 · Liferay · Liferay Portal Server
Name of the Vulnerable Software and Affected Versions: Liferay Portal Server versions 7.2.0 GA1 through 7.3.5 GA6
Description: The issue allows an administrator user to inject Groovy script, enabling the execution of any OS command on the Liferay Portal Server. This is disputed by the developer a...
CVE-2021-21248 Post-Auth Arbitrary Code Execution via Groovy script injection
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability involving the build endpoint parameters. InputSpec is used to define parameters of a Build spec. It does so by using dynamically generated Groovy classes. A user able to control job paramete...