5 matches found
Exploit for Code Injection in Xwiki
XWiki Platform Unauthenticated RCE Exploit Overview This s...
Exploit for Code Injection in Xwiki
CVE-2025-24893-PoC XWiki Unauthenticated RCE Exploit for Reve...
📄 XWiki Platform Remote Code Execution
This Metasploit module exploits a template injection vulnerability in the XWiki Platform. XWiki includes a macro called SolrSearch defined in Main.SolrSearchMacros that enables full-text search through the embedded Solr engine. The vulnerability stems from the way this macro evaluates search...
Exploit for Code Injection in Xwiki
CVE-2025-24893 - XWiki Unauthenticated Remote Code Execution...
XWiki Platform SolrSearch Macro Remote Code Execution
XWiki Platform versions from 5.3-milestone-2 before 15.10.11 and from 16.0.0-rc-1 before 16.4.1 suffer from a Server-Side Template Injection (SSTI) due to the lack of sanitization of the SolrSearch Macro requests. By leveraging this vulnerability, a remote and unauthenticated attacker can achieve...