Improper restriction of the scope of accessible objects in Thymeleaf expressions
Impact: A security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf up to and including 3.1.3.RELEASE. Although the library provides mechanisms to prevent expression injection, it fails to properly restrict the scope of accessible objects, allowing specific potential...
vShare<=2.8.1 SQL injection + Remote Command Execution
Unvalidated input results in SQL injection; remote command execution is highly likely after the compromise of the Admin username because of the risky requirements of Video Sharing scripts. I haven't attached a Video because it will disclose the SQL Injection location and posting a blank Video is...