Arbitrary OGNL Expression Execution in Apache Struts 2.0.0 - 2.3.15
CVE-2013-2251 · HIGH Severity
AV:N/AC:M/AU:N/C:C/I:C/A:C
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
Learn more about our Web Application Penetration Testing UK.