CVSSv4: NA |
CVSSv3: 8.8 |
CVSSv2: 6.5 |
VMScore: 980 |
EPSS: 0.00792 |
KEV: Not Included
Published: 05/12/2019 Updated: 21/11/2024
Vulnerability Summary
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.
source: wwwsecurityfocuscom/bid/52702/info
Apache Struts2 is prone to a remote arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input
Attackers can exploit this issue to upload arbitrary code and run it in the context of the webserver process This may facilitate unauthorized access or privileg ...