The REST plugin in the Apache Struts 2 framework is prone to a remote code execution vulnerability when evaluating OGNL expressions when Dynamic Method Invocation is enabled.
This vulnerability allows remote attackers to execute arbitrary Java code on the affected server.
This module exploits the vulnerability in any web application built on top of vulnerable versions of Apache Struts 2 making use of the REST plugin with the Dynamic Method Invocation feature enabled.
This vulnerability allows remote attackers to execute arbitrary Java code on the affected server.
This module exploits the vulnerability in any web application built on top of vulnerable versions of Apache Struts 2 making use of the REST plugin with the Dynamic Method Invocation feature enabled.
CVE Link
Exploit Type - Old
Exploits/OS Command Injection/Known Vulnerabilities
Exploit Type
Product Name