Exploit for #VU63958 Code Injection in Atlassian Confluence Server and Jira Data Center

Vulnerability identifier: #VU63958

Vulnerability risk: Critical

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2022-26134

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 56

• June 21, 2024
  • CVE-2022-26134 (CVE-2022-26134 exploit script) [Github]
• January 19, 2023
  • CVE-2022-26134_check () [Github]
• October 31, 2022
  • cve_2022_26134 (Not the author of this script, reposting as original repo link is broken) [Github]
• October 25, 2022
  • CVE-2022-26134 () [Github]
• October 19, 2022
  • cve-2022-26134 (cve-2022-26134) [Github]
  • CVE-2022-26134 (在受影响的Confluence Server 和Data Center 版本中，存在一个OGNL 注入漏洞，该漏洞允许未经身份验证的攻击者在Confluence Server 或Data Center 服务器上执行任意代码。) [Github]
• October 16, 2022
  • CVE-2022-26134 (Confluence Server and Data Center存在一个远程代码执行漏洞，未经身份验证的攻击者可以利用该漏洞向目标服务器注入恶意ONGL表达式，进而在目标服务器上执行任意代码。) [Github]
  • CVE-2022-26134 (CVE-2022-26134) [Github]
  • CVE-2022-26134 (CVE-2022-26134poc) [Github]
• October 4, 2022
  • CVE-2022-26134-miam () [Github]
• August 22, 2022
  • CVE-2022-26134-Console (CVE-2022-26134-Console) [Github]
• July 24, 2022
  • CVE-2022-26134 (远程攻击者在Confluence未经身份验证的情况下，可构造OGNL表达式进行注入，实现在Confluence Server或Data Center上执行任意代码,在现有脚本上修改了poc，方便getshell。) [Github]
• July 17, 2022
  • cve-2022-26134 (Just simple PoC for the Atlassian Jira exploit. Provides code execution for unauthorised user on a server.) [Github]
• July 13, 2022
  • confusploit (This is a python script that can be used with Shodan CLI to mass hunting Confluence Servers vulnerable to CVE-2022-26134) [Github]
• July 10, 2022
  • CVE-2022-26134 (confluence rce) [Github]
• July 6, 2022
  • CVE_2022_26134-detect () [Github]
  • cve-2022-26134 () [Github]
• July 5, 2022
  • CVE-2022-26134 (Atlassian Confluence (CVE-2022-26134) - Unauthenticated Remote code execution (RCE)) [Github]
  • CVE-2022-26134 (Atlassian Confluence (CVE-2022-26134) - Unauthenticated OGNL injection vulnerability (RCE).) [Github]
• June 29, 2022
  • CVE-2022-26134_conFLU (PoC for exploiting CVE-2022-26134 on Confluence) [Github]
• June 24, 2022
  • CVE-2022-26134 (Atlassian Confluence OGNL Injection Remote Code Execution (RCE) Vulnerability (CVE-2022-26134)) [Github]
• June 22, 2022
  • CVE-2022-26134 ([PoC] Atlassian Confluence (CVE-2022-26134) - Unauthenticated OGNL injection vulnerability (RCE)) [Github]
• June 19, 2022
  • CVE-2022-26134 (「?」CVE-2022-26134 - Confluence Pre-Auth RCE) [Github]
• June 15, 2022
  • Confluence Data Center 7.18.0 - Remote Code Execution (RCE) [Exploit-DB]
• June 13, 2022
  • CVE-2022-26134-bis () [Github]
  • CVE-2022-26134 (CVE-2022-26134 - Pre-Auth Remote Code Execution via OGNL Injection) [Github]
  • CVE-2022-29464-bis () [Github]
• June 12, 2022
  • BotCon ([CVE-2022-26134] Attlasian Confluence RCE) [Github]
  • CVE-2022-26134 () [Github]
  • exploit_CVE-2022-26134 (CVE-2022-26134, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. This is CVE-2022-26134 expoitation script) [Github]
• June 9, 2022
  • CVE-2022-26134 (CVE-2022-26134) [Github]
  • CVE-2022-26134 () [Github]
  • ConfluentPwn (Atlassian confluence unauthenticated ONGL injection remote code execution scanner (CVE-2022-26134).) [Github]
• June 8, 2022
  • cve-2022-26134 (Implementation of CVE-2022-26134) [Github]
  • CVE-2022-26134 (CVE-2022-26134 Confluence OGNL Injection POC) [Github]
  • CVE-2022-26134 (Atlassian Confluence 远程代码执行漏洞（CVE-2022-26134）) [Github]
  • CVE-2022-26134-Confluence-RCE (Exploit for CVE-2022-26134: Confluence Pre-Auth Remote Code Execution via OGNL Injection ) [Github]
  • CVE-2022-26134-Confluence () [Github]
  • CVE-2022-26134 (Atlassian Confluence- Unauthenticated OGNL injection vulnerability (RCE) ) [Github]
• June 6, 2022
  • CVE-2022-26134 () [Github]
  • cve2022-26134exp (cve2022-26134) [Github]
  • CVE-2022-26134 () [Github]
  • Confluence-CVE-2022-26134 () [Github]
  • CVE-2022-26134 ([CVE-2022-26134]Confluence OGNL expression injected RCE with sandbox bypass.) [Github]
  • Serein (【懒人神器】一款图形化、批量采集url、批量对采集的url进行各种nday检测的工具。可用于src挖掘、cnvd挖掘、0day利用、打造自己的武器库等场景。可以批量利用Actively Exploited Atlassian Confluence 0Day CVE-2022-26134和DedeCMS v5.7.87 SQL注入 CVE-2022-23337。) [Github]
  • CVE-2022-26134 (Confluence Server and Data Center - CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability PoC) [Github]
  • CVE-2022-26134 (CVE-2022-26134 - Atlassian Confluence unauthenticated OGNL injection vulnerability (RCE).) [Github]
  • CVE-2022-26134 (Atlassian confluence poc) [Github]
  • CVE-2022-26134 () [Github]
  • CVE-2022-26134 () [Github]
  • Confluence-CVE-2022-26134 (CVE-2022-26134) [Github]
  • through_the_wire (CVE-2022-26134 Proof of Concept) [Github]
  • CVE-2022-26134 (（CVE-2022-26134）an unauthenticated and remote OGNL injection vulnerability resulting in code execution in the context of the Confluence server) [Github]
  • CVE_2022_26134-detect () [Github]
  • CVE-2022-26134 (Confluence Pre-Auth Remote Code Execution via OGNL Injection (CVE-2022-26134)) [Github]
  • CVE-2022-26134 (CVE-2022-26134 - Confluence Pre-Auth RCE | OGNL injection) [Github]

Vulnerable software:
Atlassian Confluence Server
Server applications / Web servers
Jira Data Center
Server applications / Other server solutions

Vendor: Atlassian