WSTG-V42-INPV-11 on ZAP /alerttags/wstg-v42-inpv-11/ Recent content in WSTG-V42-INPV-11 on ZAP Hugo en-us Expression Language Injection /docs/alerts/90025/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90025/ <p>The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. In certain versions of Spring 3.0.5 and earlier, there was a vulnerability (CVE-2011-2730) in which Expression Language tags would be evaluated twice, which effectively exposed any application to EL injection. However, even for later versions, this weakness is still possible depending on configuration.</p> Log4Shell (CVE-2021-44228) /docs/alerts/40043-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40043-1/ <p>Apache Log4j2 &lt;=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default.</p> Log4Shell (CVE-2021-45046) /docs/alerts/40043-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40043-2/ <p>It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments.</p> Remote File Inclusion /docs/alerts/7/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/7/ <p>Remote File Include (RFI) is an attack technique used to exploit &ldquo;dynamic file include&rdquo; mechanisms in web applications. When web applications take user input (URL, parameter value, etc.) and pass them into file include commands, the web application might be tricked into including remote files with malicious code.</p> Server Side Code Injection - ASP Code Injection /docs/alerts/90019-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90019-2/ <p>A code injection may be possible including custom code that will be evaluated by the scripting engine.</p> Server Side Code Injection - PHP Code Injection /docs/alerts/90019-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90019-1/ <p>A code injection may be possible including custom code that will be evaluated by the scripting engine.</p> Server Side Include /docs/alerts/40009/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40009/ <p>Certain parameters may cause Server Side Include commands to be executed. This may allow database connection or arbitrary code to be executed.</p> Text4shell (CVE-2022-42889) /docs/alerts/40047/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40047/ <p>Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults.Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.The application has been shown to initial contact with remote servers via variable interpolation and may well be vulnerable to Remote Code Execution (RCE).</p>