cve/2013/CVE-2013-4212.md

### [CVE-2013-4212](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4212)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ilmila/J2EEScan
- https://github.com/romanjeanpierre/Custom_SplunkDashboard
- https://github.com/ronoski/j2ee-rscan
- https://github.com/sourcery-ai-bot/Deep-Security-Reports
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2013-4212](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4212)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/ilmila/J2EEScan`
			`- https://github.com/romanjeanpierre/Custom_SplunkDashboard`
			`- https://github.com/ronoski/j2ee-rscan`
			`- https://github.com/sourcery-ai-bot/Deep-Security-Reports`