Exploit for #VU85413 Template injection in Atlassian Confluence Server and Confluence Data Center

Vulnerability identifier: #VU85413

Vulnerability risk: Critical

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: CVE-2023-22527

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 14

• February 25, 2025
  • CVE-2023-22527 (An Exploitation tool to exploit the confluence server that are vulnerable to CVE-2023-22527 leads to RCE) [Github]
• October 25, 2024
  • Atlassian Confluence < 8.5.3 - Remote Code Execution [Exploit-DB]
• October 11, 2024
  • CVE-2023-22527 (script for exploiting CVE-2023-22527, which is described as a Server-Side Template Injection (SSTI) vulnerability in Atlassian Confluence) [Github]
• June 28, 2024
  • CVE-2023-22527-confluence ([Confluence] CVE-2023-22527 realworld poc) [Github]
• May 31, 2024
  • CVE-2023-22527 (Atlassian Confluence - Remote Code Execution) [Github]
• May 13, 2024
  • CVE-2023-22527-POC (A critical severity Remote Code Execution (RCE) vulnerability (CVE-2023-22527) was discovered in Confluence Server and Data Center. ) [Github]
• April 5, 2024
  • CVE-2023-22527 (CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server PoC) [Github]
• March 22, 2024
  • CVE-2023-22527 (This repository presents a proof-of-concept of CVE-2023-22527) [Github]
  • CVE-2023-22527-MEMSHELL (confluence CVE-2023-22527 漏洞利用工具，支持冰蝎/哥斯拉内存马注入，支持设置 http 代理) [Github]
• March 4, 2024
  • CVE-2023-22527-Godzilla-MEMSHELL (CVE-2023-22527 内存马注入工具) [Github]
  • CVE-2023-22527_Confluence_RCE (CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server PoC) [Github]
• January 26, 2024
  • CVE-2023-22527 (Exploit for CVE-2023-22527 - Atlassian Confluence Data Center and Server) [Github]
• January 25, 2024
  • Atlassian Confluence SSTI Injection [Metasploit]
• January 23, 2024
  • CVE-2023-22527 (An Exploitation tool to exploit the confluence server that are vulnerable to CVE-2023-22527 leads to RCE) [Github]

Vulnerable software:
Atlassian Confluence Server
Server applications / Web servers
Confluence Data Center
Server applications / Other server solutions

Vendor: Atlassian