CX Command_Injection @ riches/pages/content/oper/Newsletter.jsp [master] #43

@kmcdon83

Description

Command_Injection issue exists @ riches/pages/content/oper/Newsletter.jsp in branch master

The application's sendMail method calls an OS (shell) command with exec, at line 53 of riches\WEB-INF\src\java\com\fortify\samples\riches\oper\SendNewsletter.java, using an untrusted string with the command to execute. This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack. The attacker may be able to inject the executed command via user input, name_, which is retrieved by the application in the size="50"/></td></tr></table> method, at line 18 of riches\pages\content\oper\Newsletter.jsp.

Severity: High

CWE:77

Vulnerability details and guidance

Internal Guidance

Checkmarx

Lines: 18, 25

Code (Line #18):

<table cellpadding="0" cellspacing="0"><tr ><td style="border:0px" width="50px"><strong>Subject:</strong></td><td style="border:0px"><s:textfield label="Subject" name="subject" size="50"/></td></tr></table>

Code (Line #25):

<td colspan="2" align="left"><s:textarea label="Body" name="body" cols="114" rows="12"/></td>
