/vulndb/Expression Language Injection

Expression Language Injection occurs when attacker controlled data enters an interpreter, i.e. the data is evaluated as code.

The vulnerability can be used to execute arbitrary server-side code.

Solution

Investigate the use of expression language syntax in your application and remove any vulnerable instances.

References

https://www.owasp.org/index.php/Expression_Language_Injection