VYPR
Unrated severityNVD Advisory· Published Dec 7, 2013· Updated Jun 16, 2026

CVE-2013-4212

CVE-2013-4212

Description

Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • Apache/Roller5 versions
    cpe:2.3:a:apache:roller:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:apache:roller:*:*:*:*:*:*:*:*range: <=5.0.1
    • cpe:2.3:a:apache:roller:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:roller:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:roller:5.0:*:*:*:*:*:*:*
    • (no CPE)range: <5.0.2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.