ObjectPlanet Opinio prior to 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
objectplanet opinio |