Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2024-31982

🗓️ 10 Apr 2024 19:38:01Reported by GitHub_MType 
cve
 cve🔗 web.nvd.nist.gov👁 137 Views

XWiki Platform version 2.4-milestone-1 before 4.10.20, 15.5.4, and 15.10-rc-1 allows remote code execution via database search text, impacting confidentiality, integrity, and availability. Patched in XWiki 14.10.20, 15.5.4, and 15.10RC1

Related
Detection
Affected
Refs
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for Code Injection in Xwiki
22 Jun 202408:47
githubexploit
GithubExploit		Exploit for Code Injection in Xwiki
22 Jun 202417:04
githubexploit
GithubExploit		Exploit for Code Injection in Xwiki
22 Jun 202421:20
githubexploit
Information Security Automation		New episode “In The Trend of VM” (#9): 4 trending vulnerabilities of October, scandal at The Linux Foundation, social “attack on the complainer”, “Ford’s method” for motivating IT specialists to fix vulnerabilities
28 Nov 202412:57
avleonov
Information Security Automation		About Remote Code Execution – XWiki Platform (CVE-2024-31982) vulnerability
31 Oct 202411:50
avleonov
Circl		CVE-2024-31982
22 Jun 202421:25
circl
CNNVD		XWiki Platform 安全漏洞
10 Apr 202400:00
cnnvd
Cvelist		CVE-2024-31982 XWiki Platform: Remote code execution as guest via DatabaseSearch
10 Apr 202419:38
cvelist
Github Security Blog		XWiki Platform: Remote code execution as guest via DatabaseSearch
10 Apr 202417:12
github
Nuclei		XWiki < 4.10.20 - Remote code execution
2 Jun 202610:14
nuclei
Rows per page
NVD
Vulners
Vulnrichment
Node
xwikixwikiRange2.414.10.20
OR
xwikixwikiRange15.015.5.4
OR
xwikixwikiRange15.615.10
[
  {
    "vendor": "xwiki",
    "product": "xwiki-platform",
    "versions": [
      {
        "version": ">= 2.4-milestone-1, < 14.10.20",
        "status": "affected"
      },
      {
        "version": ">= 15.0-rc-1, < 15.5.4",
        "status": "affected"
      },
      {
        "version": ">= 15.6-rc-1, < 15.10-rc-1",
        "status": "affected"
      }
    ]
  }
]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
25 Sep 2025 17:15Current
9.7High risk
Vulners AI Score9.7
CVSS 3.19.8 - 10
EPSS0.94255
SSVC
CWE-95CWE-94
xwiki platformdatabase searchremote code executionconfidentialityintegrityavailabilityvulnerabilitypatched
137