### [CVE-2018-14667](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14667)
![](https://img.shields.io/static/v1?label=Product&message=RichFaces&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20affected%203.X%20through%203.3.4%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94&color=brighgreen)

### Description

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

### POC

#### Reference
- http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html

#### Github
- https://github.com/0xT11/CVE-POC
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Cryin/Paper
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
- https://github.com/TheKalin/CVE-2018-12533
- https://github.com/Venscor/CVE-2018-14667-poc
- https://github.com/adnovum/richfaces-impl-patched
- https://github.com/llamaonsecurity/CVE-2018-12533
- https://github.com/lnick2023/nicenice
- https://github.com/nareshmail/cve-2018-14667
- https://github.com/pyperanger/boringtools
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/quandqn/cve-2018-14667
- https://github.com/r00t4dm/CVE-2018-14667
- https://github.com/rxxmses/CVE_parser
- https://github.com/syriusbughunt/CVE-2018-14667
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/zeroto01/CVE-2018-14667