CWE-917
AllowedImproper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Abstraction: Base · Status: Incomplete
The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.
170 vulnerabilities reference this CWE, most recent first.
GHSA-JPX2-4W5C-2W4J
Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-05-24 17:31A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
{
"affected": [],
"aliases": [
"CVE-2020-7195"
],
"database_specific": {
"cwe_ids": [
"CWE-917"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-19T18:15:00Z",
"severity": "HIGH"
},
"details": "A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).",
"id": "GHSA-jpx2-4w5c-2w4j",
"modified": "2022-05-24T17:31:21Z",
"published": "2022-05-24T17:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7195"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04036en_us"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JQ6G-P65R-44XR
Vulnerability from github – Published: 2022-05-17 00:29 – Updated: 2024-01-17 22:25Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.0.10"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.myfaces.core:myfaces-core-module"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.1"
},
{
"fixed": "2.0.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.1.4"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.myfaces.core:myfaces-core-module"
},
"ranges": [
{
"events": [
{
"introduced": "2.1.0"
},
{
"fixed": "2.1.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2011-4343"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-917"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-17T22:25:44Z",
"nvd_published_at": "2017-08-08T21:29:00Z",
"severity": "HIGH"
},
"details": "Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.",
"id": "GHSA-jq6g-p65r-44xr",
"modified": "2024-01-17T22:25:44Z",
"published": "2022-05-17T00:29:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4343"
},
{
"type": "WEB",
"url": "https://github.com/apache/myfaces/commit/a74b551b2ce6e88101ff453389a761f230e428a1"
},
{
"type": "WEB",
"url": "https://github.com/apache/myfaces/commit/caee86e71ab8c5f038186158e9955887ed72a0fd"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/myfaces"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/secure/attachment/12504807/MYFACES-3405-1.patch"
},
{
"type": "WEB",
"url": "http://marc.info/?l=full-disclosure\u0026m=132313252814362"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache MyFaces Vulnerable to EL Injection"
}
GHSA-M384-PJ54-5VR2
Vulnerability from github – Published: 2023-07-12 12:31 – Updated: 2023-07-20 14:56SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.ambari:ambari"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-42009"
],
"database_specific": {
"cwe_ids": [
"CWE-917"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-12T17:29:48Z",
"nvd_published_at": "2023-07-12T10:15:09Z",
"severity": "HIGH"
},
"details": "SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.\n",
"id": "GHSA-m384-pj54-5vr2",
"modified": "2023-07-20T14:56:45Z",
"published": "2023-07-12T12:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42009"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/ambari"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/6xf477ttz1oxmg0bx0tpdoz2mlqd7sbc"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache Ambari Expression Language Injection vulnerability"
}
GHSA-MFXW-Q267-MGP6
Vulnerability from github – Published: 2026-03-30 21:31 – Updated: 2026-06-30 03:36Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.
{
"affected": [],
"aliases": [
"CVE-2026-34714"
],
"database_specific": {
"cwe_ids": [
"CWE-78",
"CWE-917"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-30T19:16:26Z",
"severity": "CRITICAL"
},
"details": "Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configuration, because %{expr} injection occurs with tabpanel lacking P_MLE.",
"id": "GHSA-mfxw-q267-mgp6",
"modified": "2026-06-30T03:36:04Z",
"published": "2026-03-30T21:31:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvh"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34714"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/664701eb7576edb7c7c7d9f2d600815ec1f43459"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-34714"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453139"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/releases/tag/v9.2.0272"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-34714.json"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2026/03/30/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/02/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/02/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/03/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-MG3J-F44J-F628
Vulnerability from github – Published: 2023-02-20 06:30 – Updated: 2023-02-28 21:30Liima before 1.17.28 allows server-side template injection.
{
"affected": [],
"aliases": [
"CVE-2023-26092"
],
"database_specific": {
"cwe_ids": [
"CWE-917"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-20T05:15:00Z",
"severity": "CRITICAL"
},
"details": "Liima before 1.17.28 allows server-side template injection.",
"id": "GHSA-mg3j-f44j-f628",
"modified": "2023-02-28T21:30:17Z",
"published": "2023-02-20T06:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26092"
},
{
"type": "WEB",
"url": "https://github.com/liimaorg/liima/pull/678"
},
{
"type": "WEB",
"url": "https://github.com/liimaorg/liima/blob/master/release-changelog.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P4PJ-9G59-4PPV
Vulnerability from github – Published: 2020-08-19 21:04 – Updated: 2021-11-19 15:41Impact
Request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution.
The vulnerable versions include: <=1.3.13 || >=1.4.0 <=1.4.6 || >=1.5.0 <=1.5.1 || >=1.6.0 <=1.6.3.
Example
foo:
path: /foo/{id}
defaults:
_sylius:
repository:
method: findSome
arguments:
entity: "expr:service('repository').find($id)"
In this case, $id can be prepared in a way that calls other services.
If you visit /foo/"~service('doctrine').getManager().getConnection().executeQuery("DELETE * FROM TABLE")~", it will result in a following expression expr:service('repository').find(""~service('doctrine').getManager().getConnection().executeQuery("DELETE * FROM TABLE")~""), which will execute a query on the currently connected database.
To find a vulnerability in your application, look for any routing definition that uses request parameters inside expression language.
Patches
This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched.
Workarounds
The fix requires adding addslashes in ParametersParser::parseRequestValueExpression to sanitize user input before evaluating it using the expression language.
- return is_string($variable) ? sprintf('"%s"', $variable) : $variable;
+ return is_string($variable) ? sprintf('"%s"', addslashes($variable)) : $variable;
Acknowledgements
This security issue has been reported by Craig Blanchette (@isometriks), thanks a lot!
For more information
If you have any questions or comments about this advisory: * Email us at security@sylius.com
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "sylius/resource-bundle"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.4.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "sylius/resource-bundle"
},
"ranges": [
{
"events": [
{
"introduced": "1.5.0"
},
{
"fixed": "1.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "sylius/resource-bundle"
},
"ranges": [
{
"events": [
{
"introduced": "1.6.0"
},
{
"fixed": "1.6.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "sylius/resource-bundle"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.3.14"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-15143"
],
"database_specific": {
"cwe_ids": [
"CWE-74",
"CWE-917"
],
"github_reviewed": true,
"github_reviewed_at": "2020-08-19T20:30:42Z",
"nvd_published_at": "2020-08-20T01:17:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\nRequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven\u0027t been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution.\n\nThe vulnerable versions include: `\u003c=1.3.13 || \u003e=1.4.0 \u003c=1.4.6 || \u003e=1.5.0 \u003c=1.5.1 || \u003e=1.6.0 \u003c=1.6.3`.\n\n### Example\n\n```yaml\nfoo:\n path: /foo/{id}\n defaults:\n _sylius:\n repository:\n method: findSome\n arguments:\n entity: \"expr:service(\u0027repository\u0027).find($id)\"\n```\n\nIn this case, `$id` can be prepared in a way that calls other services. \n\nIf you visit `/foo/\"~service(\u0027doctrine\u0027).getManager().getConnection().executeQuery(\"DELETE * FROM TABLE\")~\"`, it will result in a following expression `expr:service(\u0027repository\u0027).find(\"\"~service(\u0027doctrine\u0027).getManager().getConnection().executeQuery(\"DELETE * FROM TABLE\")~\"\")`, which will execute a query on the currently connected database.\n\nTo find a vulnerability in your application, look for any routing definition that uses request parameters inside expression language.\n\n### Patches\n\nThis issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched.\n\n### Workarounds\n\nThe fix requires adding `addslashes` in `ParametersParser::parseRequestValueExpression` to sanitize user input before evaluating it using the expression language.\n\n```php\n- return is_string($variable) ? sprintf(\u0027\"%s\"\u0027, $variable) : $variable;\n+ return is_string($variable) ? sprintf(\u0027\"%s\"\u0027, addslashes($variable)) : $variable;\n```\n\n### Acknowledgements\n\nThis security issue has been reported by Craig Blanchette (@isometriks), thanks a lot!\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Email us at [security@sylius.com](mailto:security@sylius.com)",
"id": "GHSA-p4pj-9g59-4ppv",
"modified": "2021-11-19T15:41:13Z",
"published": "2020-08-19T21:04:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-p4pj-9g59-4ppv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15143"
},
{
"type": "WEB",
"url": "https://github.com/Sylius/SyliusResourceBundle/commit/73ed8b8bb083f36c30ad7c3cec336f65d6a80650"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-15143.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/Sylius/SyliusResourceBundle"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Remote Code Execution in SyliusResourceBundle"
}
GHSA-P7W2-784M-QPQ9
Vulnerability from github – Published: 2023-07-12 12:31 – Updated: 2023-07-20 14:55SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.ambari:ambari"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-45855"
],
"database_specific": {
"cwe_ids": [
"CWE-917"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-12T17:29:53Z",
"nvd_published_at": "2023-07-12T10:15:09Z",
"severity": "HIGH"
},
"details": "SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely.\u00a0Users are recommended to upgrade to 2.7.7.\n",
"id": "GHSA-p7w2-784m-qpq9",
"modified": "2023-07-20T14:55:52Z",
"published": "2023-07-12T12:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45855"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/ambari"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/302c4hwfjy9lx63jrbhcdx948pxc54l1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache Ambari Expression Language Injection vulnerability"
}
GHSA-PG5H-QRMM-8F3C
Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-05-24 17:31A selviewnavcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
{
"affected": [],
"aliases": [
"CVE-2020-7157"
],
"database_specific": {
"cwe_ids": [
"CWE-917"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-19T18:15:00Z",
"severity": "CRITICAL"
},
"details": "A selviewnavcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).",
"id": "GHSA-pg5h-qrmm-8f3c",
"modified": "2022-05-24T17:31:16Z",
"published": "2022-05-24T17:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7157"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04036en_us"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PR98-23F8-JWXV
Vulnerability from github – Published: 2024-12-19 18:31 – Updated: 2025-01-03 19:05ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution.
Malicious logback configuration files can allow the attacker to execute arbitrary code using the JaninoEventEvaluator extension.
A successful attack requires the user to have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privilege.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "ch.qos.logback:logback-core"
},
"ranges": [
{
"events": [
{
"introduced": "1.4.0"
},
{
"fixed": "1.5.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "ch.qos.logback:logback-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.15"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-12798"
],
"database_specific": {
"cwe_ids": [
"CWE-917"
],
"github_reviewed": true,
"github_reviewed_at": "2024-12-19T22:22:09Z",
"nvd_published_at": "2024-12-19T16:15:07Z",
"severity": "MODERATE"
},
"details": "ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution.\n\nMalicious logback configuration files can allow the attacker to execute arbitrary code using the JaninoEventEvaluator extension.\n\nA successful attack requires the user to have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privilege.",
"id": "GHSA-pr98-23f8-jwxv",
"modified": "2025-01-03T19:05:25Z",
"published": "2024-12-19T18:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12798"
},
{
"type": "WEB",
"url": "https://github.com/qos-ch/logback/commit/2cb6d520df7592ef1c3a198f1b5df3c10c93e183"
},
{
"type": "PACKAGE",
"url": "https://github.com/qos-ch/logback"
},
{
"type": "WEB",
"url": "https://logback.qos.ch/news.html#1.3.15"
},
{
"type": "WEB",
"url": "https://logback.qos.ch/news.html#1.5.13"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/RE:L/U:Clear",
"type": "CVSS_V4"
}
],
"summary": "QOS.CH logback-core Expression Language Injection vulnerability"
}
GHSA-PX7W-55JQ-WG57
Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-05-24 17:31A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
{
"affected": [],
"aliases": [
"CVE-2020-7141"
],
"database_specific": {
"cwe_ids": [
"CWE-917"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-19T18:15:00Z",
"severity": "CRITICAL"
},
"details": "A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).",
"id": "GHSA-px7w-55jq-wg57",
"modified": "2022-05-24T17:31:14Z",
"published": "2022-05-24T17:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7141"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04036en_us"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Avoid adding user-controlled data into an expression interpreter when possible.
Mitigation
- If user-controlled data must be added to an expression interpreter, one or more of the following should be performed:
- Validate that the user input will not evaluate as an expression
- Encode the user input in a way that ensures it is not evaluated as an expression
Mitigation
The framework or tooling might allow the developer to disable or deactivate the processing of EL expressions, such as setting the isELIgnored attribute for a JSP page to "true".
No CAPEC attack patterns related to this CWE.