The ParametersInterceptor in Apache Struts prior to 2.3.16.2 allows remote malicious users to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache struts |