Vulnerabilities > Objectplanet > Opinio > High

DATE CVE VULNERABILITY TITLE RISK
2021-07-31 CVE-2020-26565 Expression Language Injection vulnerability in Objectplanet Opinio
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter.
network
low complexity
objectplanet CWE-917
7.5
7.5
2021-07-31 CVE-2020-26806 Path Traversal vulnerability in Objectplanet Opinio
admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code.
network
low complexity
objectplanet CWE-22
8.8
8.8