In Eclipse BIRT versions 4.8.0 and previous versions, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
eclipse business intelligence and reporting tools |