Vulnerability feed

Vulnerability

CVE-2018-14667

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2018-14667
Description:: The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
Last updated date:: 01/27/2025

Reports

alt

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 09/28/2023
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 11/30/2018
Reference url to background: https://github.com/syriusbughunt/CVE-2018-14667

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/23/2019
Reference url to background: https://github.com/Venscor/CVE-2018-14667-poc

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/26/2020
Reference url to background: https://www.slideshare.net/joaomatosff/a-little-bit-about-code-injection-in-webapplication-frameworks-cve201814667-h2hc-2018

Vulnerability Feed Contributors About Blog

@inTheWild

©2025 |