PT-2025-48268 · Unknown · Wirtualna Uczelnia
Marcin Ressel
Published: 2025-11-27
Updated: 2025-11-27
CVE-2025-12140
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Wirtualna Uczelnia versions prior to wu#2016.1.5513#0#20251014 113353
Description
The application has an insecure 'redirectToUrl' mechanism that incorrectly processes the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, potentially allowing an unauthenticated attacker to execute arbitrary code. The vulnerable component is the processing of the 'redirectUrlParameter' parameter within the 'redirectToUrl' mechanism.
Recommendations
Update Wirtualna Uczelnia to version wu#2016.1.5513#0#20251014 113353 or later.
Fix
RCE
Eval Injection
Weakness Enumeration
Related Identifiers
Affected Products
Wirtualna Uczelnia