Lucene search
+L

5 matches found

packetstorm
packetstorm
added 2025/09/12 12:0 a.m.281 views

📄 Sitecore XP Post-Authentication Remote Code Execution

This Metasploit module exploits Sitecore XP with a path traversal that leads to remote code execution as well as a hardcoded credential vulnerability in the ServicesAPI account to gain a foothold. This module requires Metasploit: https://metasploit.com/download Current source:...

8.8CVSS8.3AI score0.39961EPSS
Exploits7
redhatcve
redhatcve
added 2025/06/23 8:39 a.m.9 views

CVE-2025-34510

Sitecore Experience Manager XM, Experience Platform XP, and Experience Commerce XC versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing...

8.8CVSS7.3AI score0.09986EPSS
Exploits3References1
nvd
nvd
added 2025/06/17 7:15 p.m.17 views

CVE-2025-34510

Sitecore Experience Manager XM, Experience Platform XP, and Experience Commerce XC versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing...

8.8CVSS0.09986EPSS
Exploits3References2
vulnrichment
vulnrichment
added 2025/06/17 6:46 p.m.7 views

CVE-2025-34510 Sitecore XM, XC, and XP Post-Auth RCE via Zip Slip

Sitecore Experience Manager XM, Experience Platform XP, and Experience Commerce XC versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted HTTP request to upload a ZIP archive containing...

8.8CVSS7.5AI score0.09986EPSS
Exploits3References2
cve
cve
added 2025/06/17 6:46 p.m.74 views

CVE-2025-34510

Sitecore XP, XM, and XC (versions 9.0–9.3 and 10.0–10.4) are affected by Zip Slip leading to RCE. A remote, authenticated attacker can upload a ZIP with path traversal to write arbitrary files and execute code. Public references describe post-auth exploitation chains (including Metasploit modules...

8.8CVSS8.8AI score0.09986EPSS
Exploits3References2Affected Software4
Rows per page
Query Builder