CVE-2022-26134

Description

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

POC

Reference

http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html
http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html

Github

https://github.com/murataydemir/CVE-2022-26134
https://github.com/hab1b0x/CVE-2022-26134
https://github.com/0x14dli/cve2022-26134exp
https://github.com/0xAgun/CVE-2022-26134
https://github.com/0xsyr0/OSCP
https://github.com/1derian/pocsuite3_pro
https://github.com/1rm/Confluence-CVE-2022-26134
https://github.com/404tk/lazyscan
https://github.com/ARPSyndicate/cvemon
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/AmoloHT/CVE-2022-26134
https://github.com/Awrrays/FrameVul
https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL
https://github.com/Brucetg/CVE-2022-26134
https://github.com/CLincat/vulcat
https://github.com/Chocapikk/CVE-2022-26134
https://github.com/CyberDonkyx0/CVE-2022-26134
https://github.com/DataDog/security-labs-pocs
https://github.com/Goqi/Banli
https://github.com/KeepWannabe/BotCon
https://github.com/Mr-xn/Penetration_Testing_POC
https://github.com/Nwqda/CVE-2022-26134
https://github.com/PsykoDev/CVE-2022-26134
https://github.com/PyterSmithDarkGhost/0DAYEXPLOITAtlassianConfluenceCVE-2022-26134
https://github.com/SIFalcon/confluencePot
https://github.com/SNCKER/CVE-2022-26134
https://github.com/Sakura-nee/CVE-2022-26134
https://github.com/Vulnmachines/Confluence-CVE-2022-26134
https://github.com/W01fh4cker/Serein
https://github.com/Y000o/Confluence-CVE-2022-26134
https://github.com/ZWDeJun/ZWDeJun
https://github.com/abhishekmorla/CVE-2022-26134
https://github.com/alcaparra/CVE-2022-26134
https://github.com/archanchoudhury/Confluence-CVE-2022-26134
https://github.com/axingde/CVE-2022-26134
https://github.com/ba0jy/awesome-intelligence
https://github.com/cai-niao98/CVE-2022-26134
https://github.com/chaosec2021/EXP-POC
https://github.com/come2darkside/Picus-Journey
https://github.com/crowsec-edtech/CVE-2022-26134
https://github.com/d-rn/vulBox
https://github.com/getastra/hypejab
https://github.com/guchangan1/All-Defense-Tool
https://github.com/h3v0x/CVE-2022-26134
https://github.com/hab1b0x/CVE-2022-26134
https://github.com/hktalent/TOP
https://github.com/hou5/CVE-2022-26134
https://github.com/jbaines-r7/through_the_wire
https://github.com/kh4sh3i/CVE-2022-26134
https://github.com/kyxiaxiang/CVE-2022-26134
https://github.com/li8u99/CVE-2022-26134
https://github.com/luck-ying/Library-POC
https://github.com/murataydemir/CVE-2022-26134
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/offlinehoster/CVE-2022-26134
https://github.com/openx-org/BLEN
https://github.com/oturu/CVE-2022-26134-POC
https://github.com/p1ay8y3ar/cve_monitor
https://github.com/redhuntlabs/ConfluentPwn
https://github.com/reubensammut/cve-2022-26134
https://github.com/rodnt/CVE_2022_26134-detect
https://github.com/s0rtega/CVE-2022-26134_vuln
https://github.com/shamo0/CVE-2022-26134
https://github.com/sunny-kathuria/exploit_CVE-2022-26134
https://github.com/superfish9/pt
https://github.com/tanjiti/sec_profile
https://github.com/tgravvold/bigip-irule-samples
https://github.com/th3b3ginn3r/CVE-2022-26134-Exploit-Detection
https://github.com/trhacknon/CVE-2022-26134
https://github.com/trhacknon/CVE-2022-26134-bis
https://github.com/truonghuuphuc/OWASP-ZAP-Scripts
https://github.com/vesperp/CVE-2022-26134-Confluence
https://github.com/weeka10/Tools
https://github.com/whokilleddb/CVE-2022-26134-Confluence-RCE
https://github.com/zhibx/fscan-Intranet