Remote Code Execution (RCE) in a DoD website
Critical
U
U.S. Dept Of Defense
Submitted None
Team Summary
Official summary from U.S. Dept Of Defense
An application deserialization vulnerability was found in a misconfigured Department of Defense (DoD) website by @joaomatosf via POST/GET request. Impressive work. This showcases your skills! Thank you for supporting the DoD Vulnerability Disclosure Program!
Actions:
Reported by
joaomatosf
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Deserialization of Untrusted Data