CVE-2023-50720
XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email using XWiki's...
CVE-2023-50719
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are...
EUVD-2022-2031
Malicious code in bioql PyPI...
XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE)
Exploit Title: XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution RCE Date: 09/01/2025 Exploit Author: Maksim Rogov Vendor Homepage: https://www.xwiki.org/ Software Link: https://www.xwiki.org/xwiki/bin/view/Download/ Version: 5.3-milestone-2 ≤ v 'Remote Code Execution...
Linux Distros Unpatched Vulnerability : CVE-2025-24814
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Core creation allows users to replace trusted configset files with arbitrary configuration Solr instances that (1) use the FileSystemConfigSetService component th...
Exploit for Code Injection in Xwiki
CVE-2025-24893 Exploit Title: XWiki 15.10.10 - Unauthen...
Exploit for Code Injection in Xwiki
XWiki RCE Exploit PoC CVE-2025-24893 Overview This repos...
Exploit for Code Injection in Xwiki
CVE-2025-24893 — XWiki Unauthenticated RCE PoC Proof-of-Con...
Exploit for Code Injection in Xwiki
Infos This PoC first tests for the SSTI and if it works. It...
Eval Injection
Overview Affected versions of this package are vulnerable to Eval Injection via the SolrSearch process. An attacker can execute arbitrary code on the server by sending a crafted request to the vulnerable endpoint. Workaround This vulnerability can be mitigated by editing Main.SolrSearchMacros in...
Solr search discloses password hashes of all users
Impact The Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. To reproduce, it is sufficient to search for propertyvalue:? AND reference:.password and then deselect the "Documen...
CVE-2023-50719 XWiki Platform Solr search discloses password hashes of all users
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are...
CVE-2023-50720 XWiki Platform Solr search discloses email addresses of users
XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email using XWiki's...
Information Disclosure
Ezsystems/ezplatform-solr-search-engine is vulnerable to Information Disclosure. The vulnerability exists due to an authentication flaw in Endpoint.php, allowing an attacker to gain sensitive information...
Ibexa ezplatform-kernel download route allows filename change
Impact The route used for file downloads allows specifying the name of the downloaded file. This is an unintended side effect of the implementation, and means one could construct download URLs with filenames that have no relation to the actual file, which could lead to misunderstandings and...
Json response for search reveals Solr credentials
Impact An error in Ibexa's Solr search engine results in potential exposure of Solr credentials. This is a critical vulnerability and all supported versions of the engine are affected. Those not using the Solr search engine are not affected. Patches The issue is fixed in all supported versions of...
Download route allows filename change in eZpublish kernel
Impact The route used for file downloads allows specifying the name of the downloaded file. This is an unintended side effect of the implementation, and means one could construct download URLs with filenames that have no relation to the actual file, which could lead to misunderstandings and...
PT-2023-32990 · Ibexa · Ibexa Solr Search Engine
Name of the Vulnerable Software and Affected Versions: Ibexa Solr search engine versions affected versions not specified Description: The issue is related to an error in Ibexa's Solr search engine, potentially exposing Solr credentials. This is a critical issue affecting all supported versions of...
PT-2023-9238 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 7.2-rc-1 through 4.10.19 XWiki Platform versions 15.5.3 and earlier XWiki Platform versions prior to 15.10-rc-1 Description: The issue is related to the execution of arbitrary code in the XWiki Platform due to improper...
The vulnerability of the DataImportHandler module of the Apache Solr search server allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the DataImportHandler module of the Apache Solr search server lies in its error handling for the “dataConfig” request. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and availability of the protected information...