漏洞描述
AtlassianConfluence是Atlassian公司出品的专业wiki程序。攻击者可利用漏洞在未经身份验证的情况下,远程构造OGNL表达式进行注入,在ConfluenceServer或Data Center上执行任意代码。
Atlassian Confluence 远程代码执行漏洞(CVE-2022-26134)
PoC代码
暂无相关漏洞推荐
- Atlassian Confluence /json/setup-restore.action 文件上传漏洞(CVE-2023-22518)
- POC CVE-2015-8399: Atlassian Confluence <5.8.17 - Information Disclosure
- POC CVE-2019-3396: Atlassian Confluence Server - Path Traversal
- POC CVE-2019-3398: Atlassian Confluence Download Attachments - Remote Code Execution
- POC CVE-2021-26085: Atlassian Confluence Server - Local File Inclusion
- POC CVE-2023-22515: Atlassian Confluence - Privilege Escalation
- POC CVE-2023-22518: Atlassian Confluence Server - Improper Authorization
- POC CVE-2023-22527: Atlassian Confluence - Remote Code Execution
- POC CVE-2024-21683: Atlassian Confluence Data Center and Server - Remote Code Execution
- POC CVE-2015-8399: Atlassian Confluence configuration files read
- POC CVE-2022-26134: Atlassian Confluence OGNL注入漏洞
- POC CVE-2023-22515: Atlassian Confluence - Privilege Escalation
- POC CVE-2023-22518: Atlassian Confluence Server - Improper Authorization