Expression Language Injection (EL)
Description
EL Injection allows an attacker to inject and evaluate dynamic expressions, potentially accessing internal data or executing unintended application logic.
Impact
Change the password after the security code has been compromised.
Recommendation
Validate on the server side that the answers to the questions are correct.
Threat
Any customer of the organization authorized from the Internet.
Expected Remediation Time
⏱️ 3600 minutes.
Requirements
173 - Discard unsafe inputs
265 - Restrict access to critical processes
266 - Disable insecure functionalities
Fixes