CVE-2015-0279

JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.

Date published : 2015-03-26

https://bugzilla.redhat.com/show_bug.cgi?id=1192140

http://seclists.org/fulldisclosure/2019/Jul/21