Command_Injection issue exists @ riches/pages/content/oper/Newsletter.jsp in branch master
The application's sendMail method calls an OS (shell) command with exec, at line 53 of riches\WEB-INF\src\java\com\checkmarx\samples\riches\oper\SendNewsletter.java, using an untrusted string with the command to execute.
This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack.
The attacker may be able to inject the executed command via user input, name_, which is retrieved by the application in the size="50"/></td></tr></table> method, at line 18 of riches\pages\content\oper\Newsletter.jsp.
Command_Injection issue exists @ riches/pages/content/oper/Newsletter.jsp in branch master
The application's sendMail method calls an OS (shell) command with exec, at line 53 of riches\WEB-INF\src\java\com\checkmarx\samples\riches\oper\SendNewsletter.java, using an untrusted string with the command to execute. This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack. The attacker may be able to inject the executed command via user input, name_, which is retrieved by the application in the size="50"/></td></tr></table> method, at line 18 of riches\pages\content\oper\Newsletter.jsp.
Severity: High
CWE:77
Vulnerability details and guidance
Internal Guidance
Checkmarx
Lines: 18 25
Code (Line #18):
Code (Line #25):