Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet
Vulnerability Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.21, 15.5.5 and 15.10.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
动态执行代码中指令转义处理不恰当(Eval注入)
Vulnerability Title
XWiki Platform 安全漏洞
Vulnerability Description
XWiki Platform是XWiki开源的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform存在安全漏洞,该漏洞源于允许具有编辑权限的任何用户通过在其用户配置文件或任何其他页面上添加相关实例来执行任意远程代码。以下版本受到影响:9.2-rc-1版本至14.10.21之前版本、15.0-rc-1版本至15.5.5之前版本和15.6-rc-1版本至15.10.2之前版本。
CVSS Information
N/A
Vulnerability Type
N/A