Published: 05/12/2019 Updated: 22/01/2020
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 655
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.

Vulnerability Trend

Affected Products

Vendor Product Versions


source: wwwsecurityfocuscom/bid/52702/info Apache Struts2 is prone to a remote arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input Attackers can exploit this issue to upload arbitrary code and run it in the context of the webserver process This may facilitate unauthorized access or privileg ...