When adding a new SMTP server in Lucee Admin (doesn’t seem to matter the name of the server or what username/password is entered) I’m getting an “invalid syntax, variables are not supported” error message. The page lucee/admin/index.cfm?action=services.mail is returning a 500 error.
Then you have something set up to not show any detailed error messages. Another place to look for those errors is Lucees application.log file. See this post, it might help you:
I appreciate your help. Here’s the error logged in application.log:
“ERROR”,“http-nio-8888-exec-10”,“07/18/2024”,“11:33:42”,“webadmin6.0.3.1”,“invalid syntax, variables are not supported.;lucee.runtime.interpreter.SecurityInterpreterException: invalid syntax, variables are not supported.
at lucee.runtime.interpreter.ref.var.Variable.getValue(Variable.java:67)
at lucee.runtime.interpreter.CFMLExpressionInterpreter.interpretPart(CFMLExpressionInterpreter.java:279)
at lucee.runtime.interpreter.VariableInterpreter.parse(VariableInterpreter.java:492)
at lucee.runtime.interpreter.VariableInterpreter.getVariableEL(VariableInterpreter.java:224)
at services_mail_cfm414$cf.call(/admin/services.mail.cfm:119)
at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:1060)
at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:952)
at lucee.runtime.PageContextImpl.doInclude(PageContextImpl.java:933)
at web_cfm$cf.call(/admin/web.cfm:514)
at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:1060)
at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:952)
at lucee.runtime.PageContextImpl.doInclude(PageContextImpl.java:933)
at index_cfm$cf.call(/admin/index.cfm:3)
at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:1060)
at lucee.runtime.PageContextImpl._doInclude(PageContextImpl.java:952)
at lucee.runtime.listener.ModernAppListener._onRequest(ModernAppListener.java:220)
at lucee.runtime.listener.ModernAppListener.onRequest(ModernAppListener.java:107)
at lucee.runtime.PageContextImpl.execute(PageContextImpl.java:2716)
at lucee.runtime.PageContextImpl._execute(PageContextImpl.java:2702)
at lucee.runtime.PageContextImpl.executeCFML(PageContextImpl.java:2673)
at lucee.runtime.engine.Request.exe(Request.java:45)
at lucee.runtime.engine.CFMLEngineImpl._service(CFMLEngineImpl.java:1259)
at lucee.runtime.engine.CFMLEngineImpl.serviceCFML(CFMLEngineImpl.java:1205)
at lucee.loader.engine.CFMLEngineWrapper.serviceCFML(CFMLEngineWrapper.java:97)
at lucee.loader.servlet.CFMLServlet.service(CFMLServlet.java:51)
…”
ahhh ok. you might have vulnerable code because of this RCE at number III, and that is blocked by default by Lucee. Try changing your code in such a manner that it doesn’t use such vulnerable code (e.g. change a isdefined() to a structKeyExists()). If you can’t do that, you need to make sure that the code/content that is being passed as an arguement to those vulnerable functions is safe.