Vulnerabilities > CVE-2019-5916 - Expression Language Injection vulnerability in D-Circle Power EGG

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

d-circle

CWE-917

critical

NVD

Published: 2019-02-13

Updated: 2020-09-10

Summary

Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and earlier, Ver 2.7 Patch 6 and earlier, Ver 2.7 Government Edition Patch 7 and earlier, Ver 2.8 Patch 6 and earlier, Ver 2.8c Patch 5 and earlier, Ver 2.9 Patch 4 and earlier) allows remote attackers to execute EL expression on the server via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	D-Circle D Circle Power EGG 2.0.1 D Circle Power EGG 2.1 D Circle Power EGG 2.0.2 D Circle Power EGG 2.2 D Circle Power EGG 2.3 D Circle Power EGG 2.4 D Circle Power EGG 2.5 D Circle Power EGG 2.6 D Circle Power EGG 2.7 D Circle Power EGG 2.8 D Circle Power EGG 2.8C D Circle Power EGG 2.9	13

Common Weakness Enumeration (CWE)

CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References