Strike ID: E19-0tbo2
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
False Positive: t
Variants: 2
Year: 2019

Description

This strike exploits a file inclusion and remote command execution vulnerability in Atlassian Confluence Server. The vulnerability is due to improper sanitization of the template parameter. A remote, unauthenticated attacker who successfully exploits it could retrieve arbitrary files from the target server through file inclusion, or achieve remote command execution through server-side template injection (SSTI) by injecting a malicious template and having it executed.
