Arbitrary Code Execution Vulnerability in JBoss RichFaces 4.5.3 through 4.5.17 (RF-14309)

CVE-2018-12532

JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.

Learn more about our Web Application Penetration Testing UK.