Unrated severityNVD Advisory· Published Dec 7, 2013· Updated Jun 16, 2026
CVE-2013-4212
CVE-2013-4212
Description
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5Patches
Vulnerability mechanics
References
7- rollerweblogger.org/project/entry/apache_roller_5_0_2nvdPatch
- www.exploit-db.com/exploits/29859nvdExploit
- secunia.com/advisories/55862nvdVendor Advisory
- secunia.com/advisories/55877nvdVendor Advisory
- security.coverity.com/advisory/2013/Oct/remote-code-execution-in-apache-roller-via-ognl-injection.htmlnvd
- www.osvdb.org/100342nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/89239nvd
News mentions
0No linked articles in our index yet.