CWE-95
AllowedImproper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Abstraction: Variant · Status: Incomplete
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").
261 vulnerabilities reference this CWE, most recent first.
CVE-2024-8512 (GCVE-0-2024-8512)
Vulnerability from cvelistv5 – Published: 2024-10-30 11:00 – Updated: 2026-04-08 16:43- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| w3speedster | W3SPEEDSTER |
Affected:
0 , ≤ 7.26
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:21.318670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T14:04:13.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "W3SPEEDSTER",
"vendor": "w3speedster",
"versions": [
{
"lessThanOrEqual": "7.26",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lesor101"
}
],
"descriptions": [
{
"lang": "en",
"value": "The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the \u0027script\u0027 parameter of the hookBeforeStartOptimization() function. This is due to the plugin passing user supplied input to eval(). This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:43:28.838Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2a56eb63-ba5c-4452-8ab9-f5aeaf53adda?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/w3speedster-wp/trunk/w3speedster.php#L740"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3175640/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-29T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "W3SPEEDSTER \u003c= 7.26 - Authenticated (Administrator+) Remote Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-8512",
"datePublished": "2024-10-30T11:00:59.962Z",
"dateReserved": "2024-09-06T13:43:10.915Z",
"dateUpdated": "2026-04-08T16:43:28.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7954 (GCVE-0-2024-7954)
Vulnerability from cvelistv5 – Published: 2024-08-23 17:43 – Updated: 2025-11-22 12:12| URL | Tags |
|---|---|
| https://vulncheck.com/advisories/spip-porte-plume | third-party-advisory |
| https://blog.spip.net/Mise-a-jour-critique-de-sec… | vendor-advisory |
| https://thinkloveshare.com/hacking/spip_preauth_r… | technical-descriptionexploit |
| Vendor | Product | Version | |
|---|---|---|---|
| SPIP | SPIP |
Affected:
4.3.0-alpha , < 4.3.0-alpha2
(custom)
Affected: 4.2.0 , < 4.2.13 (semver) Affected: 4.1.0 , < 4.1.16 (semver) |
|
| spip | spip |
Affected:
4.3.0-alpha , < 4.3.0-alpha2
(custom)
Affected: 4.2.0 , < 4.2.13 (semver) Affected: 4.1.0 , < 4.1.16 (semver) cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "spip",
"vendor": "spip",
"versions": [
{
"lessThan": "4.3.0-alpha2",
"status": "affected",
"version": "4.3.0-alpha",
"versionType": "custom"
},
{
"lessThan": "4.2.13",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThan": "4.1.16",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T18:26:49.808289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T18:31:44.888Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SPIP",
"vendor": "SPIP",
"versions": [
{
"lessThan": "4.3.0-alpha2",
"status": "affected",
"version": "4.3.0-alpha",
"versionType": "custom"
},
{
"lessThan": "4.2.13",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThan": "4.1.16",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.3.0-alpha2",
"versionStartIncluding": "4.3.0-alpha",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.2.13",
"versionStartIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.1.16",
"versionStartIncluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Louka Jacques-Chevallier"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.\u003cbr\u003e"
}
],
"value": "The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-22T12:12:14.668Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/spip-porte-plume"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-3-0-alpha2-SPIP-4-2-13-SPIP-4.html"
},
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://thinkloveshare.com/hacking/spip_preauth_rce_2024_part_1_the_feather/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SPIP porte_plume Plugin Arbitrary PHP Execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-7954",
"datePublished": "2024-08-23T17:43:20.967Z",
"dateReserved": "2024-08-19T18:16:30.180Z",
"dateUpdated": "2025-11-22T12:12:14.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-6891 (GCVE-0-2024-6891)
Vulnerability from cvelistv5 – Published: 2024-08-07 23:13 – Updated: 2024-08-08 13:41| URL | Tags |
|---|---|
| https://korelogic.com/Resources/Advisories/KL-001… | third-party-advisory |
| http://seclists.org/fulldisclosure/2024/Aug/6 |
| Vendor | Product | Version | |
|---|---|---|---|
| Journyx | Journyx (jtime) |
Affected:
11.5.4
|
|
| journyx | journyx |
Affected:
11.5.4
cpe:2.3:a:journyx:journyx:11.5.4:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:29:15.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Aug/6"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:journyx:journyx:11.5.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "journyx",
"vendor": "journyx",
"versions": [
{
"status": "affected",
"version": "11.5.4"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-6891",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T13:36:54.539352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T13:41:15.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Journyx (jtime)",
"vendor": "Journyx",
"versions": [
{
"status": "affected",
"version": "11.5.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jaggar Henry of KoreLogic, Inc."
}
],
"datePublic": "2024-08-07T23:11:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cpre\u003eAttackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow.\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T23:13:56.924Z",
"orgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9",
"shortName": "KoreLogic"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://korelogic.com/Resources/Advisories/KL-001-2024-008.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Journyx Authenticated Remote Code Execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bbf0bd87-ece2-41be-b873-96928ee8fab9",
"assignerShortName": "KoreLogic",
"cveId": "CVE-2024-6891",
"datePublished": "2024-08-07T23:13:56.924Z",
"dateReserved": "2024-07-18T19:25:49.024Z",
"dateUpdated": "2024-08-08T13:41:15.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3562 (GCVE-0-2024-3562)
Vulnerability from cvelistv5 – Published: 2024-06-20 02:08 – Updated: 2026-04-08 17:28- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| mgibbs189 | Custom Field Suite |
Affected:
0 , ≤ 2.6.7
(semver)
|
|
| custom_field_suite_project | custom_field_suite |
Affected:
0 , ≤ 2.6.7
(semver)
cpe:2.3:a:custom_field_suite_project:custom_field_suite:*:*:*:*:*:wordpress:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:custom_field_suite_project:custom_field_suite:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "custom_field_suite",
"vendor": "custom_field_suite_project",
"versions": [
{
"lessThanOrEqual": "2.6.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3562",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T16:28:01.622512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T16:40:02.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:12:07.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd7b788-03a0-41a4-96f2-cfca74ef281b?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mgibbs189/custom-field-suite/blob/963dfcede18ff4ad697498556d9058db07d74fa3/includes/fields/loop.php#L192"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mgibbs189/custom-field-suite/blob/963dfcede18ff4ad697498556d9058db07d74fa3/includes/fields/loop.php#L224"
},
{
"tags": [
"x_transferred"
],
"url": "https://mgibbs189.github.io/custom-field-suite/field-types/loop.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Custom Field Suite",
"vendor": "mgibbs189",
"versions": [
{
"lessThanOrEqual": "2.6.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jack Taylor"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the eval() function. This makes it possible for authenticated attackers, with contributor-level access and above, to execute arbitrary PHP code on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:28:34.096Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd7b788-03a0-41a4-96f2-cfca74ef281b?source=cve"
},
{
"url": "https://github.com/mgibbs189/custom-field-suite/blob/963dfcede18ff4ad697498556d9058db07d74fa3/includes/fields/loop.php#L192"
},
{
"url": "https://github.com/mgibbs189/custom-field-suite/blob/963dfcede18ff4ad697498556d9058db07d74fa3/includes/fields/loop.php#L224"
},
{
"url": "https://mgibbs189.github.io/custom-field-suite/field-types/loop.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-19T13:10:24.000Z",
"value": "Disclosed"
}
],
"title": "Custom Field Suite \u003c= 2.6.7 - Authenticated (Contributor+) PHP Code Injection via Loop Custom Field"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-3562",
"datePublished": "2024-06-20T02:08:28.437Z",
"dateReserved": "2024-04-09T21:43:05.718Z",
"dateUpdated": "2026-04-08T17:28:34.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-50723 (GCVE-0-2023-50723)
Vulnerability from cvelistv5 – Published: 2023-12-15 19:02 – Updated: 2025-05-07 20:43| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/… | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/0f… | x_refsource_MISC |
| https://github.com/xwiki/xwiki-platform/commit/11… | x_refsource_MISC |
| https://github.com/xwiki/xwiki-platform/commit/74… | x_refsource_MISC |
| https://github.com/xwiki/xwiki-platform/commit/bd… | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-21121 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-21122 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-21194 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| xwiki | xwiki-platform |
Affected:
>= 2.3, < 14.10.15
Affected: >= 15.0-rc-1, < 15.5.2 Affected: >= 15.6-rc-1, < 15.7-rc-1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:47.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qj86-p74r-7wp5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qj86-p74r-7wp5"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/0f367aaae4e0696f61cf5a67a75edd27d1d16db6",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/0f367aaae4e0696f61cf5a67a75edd27d1d16db6"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/1157c1ecea395aac7f64cd8a6f484b1225416dc7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/1157c1ecea395aac7f64cd8a6f484b1225416dc7"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/749f6aee1bfbcf191c3734ea0aa9eba3aa63240e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/749f6aee1bfbcf191c3734ea0aa9eba3aa63240e"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/bd82be936c21b65dee367d558e3050b9b6995713",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/bd82be936c21b65dee367d558e3050b9b6995713"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-21121",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.xwiki.org/browse/XWIKI-21121"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-21122",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.xwiki.org/browse/XWIKI-21122"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-21194",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.xwiki.org/browse/XWIKI-21194"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50723",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T20:42:59.700518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T20:43:16.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xwiki-platform",
"vendor": "xwiki",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.3, \u003c 14.10.15"
},
{
"status": "affected",
"version": "\u003e= 15.0-rc-1, \u003c 15.5.2"
},
{
"status": "affected",
"version": "\u003e= 15.6-rc-1, \u003c 15.7-rc-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the administration interface. This impacts the confidentiality, integrity and availability of the whole XWiki installation. Normally, all users are allowed to edit their own user profile so this should be exploitable by all users of the XWiki instance. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patches can be manually applied to the `XWiki.ConfigurableClassMacros` and `XWiki.ConfigurableClass` pages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-15T19:02:57.939Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qj86-p74r-7wp5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qj86-p74r-7wp5"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/0f367aaae4e0696f61cf5a67a75edd27d1d16db6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/0f367aaae4e0696f61cf5a67a75edd27d1d16db6"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/1157c1ecea395aac7f64cd8a6f484b1225416dc7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/1157c1ecea395aac7f64cd8a6f484b1225416dc7"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/749f6aee1bfbcf191c3734ea0aa9eba3aa63240e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/749f6aee1bfbcf191c3734ea0aa9eba3aa63240e"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/bd82be936c21b65dee367d558e3050b9b6995713",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/bd82be936c21b65dee367d558e3050b9b6995713"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-21121",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-21121"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-21122",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-21122"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-21194",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-21194"
}
],
"source": {
"advisory": "GHSA-qj86-p74r-7wp5",
"discovery": "UNKNOWN"
},
"title": "XWiki Platform remote code execution/programming rights with configuration section from any user account"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50723",
"datePublished": "2023-12-15T19:02:57.939Z",
"dateReserved": "2023-12-11T17:53:36.031Z",
"dateUpdated": "2025-05-07T20:43:16.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50721 (GCVE-0-2023-50721)
Vulnerability from cvelistv5 – Published: 2023-12-15 19:02 – Updated: 2024-08-02 22:16| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/… | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/62… | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-21200 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| xwiki | xwiki-platform |
Affected:
>= 4.5-rc-1, < 14.10.15
Affected: >= 15.0-rc-1, < 15.5.2 Affected: >= 15.6-rc-1, < 15.7-rc-1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:47.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7654-vfh6-rw6x",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7654-vfh6-rw6x"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/62863736d78ffd60d822279c5fb7fb9593042766",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/62863736d78ffd60d822279c5fb7fb9593042766"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-21200",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.xwiki.org/browse/XWIKI-21200"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xwiki-platform",
"vendor": "xwiki",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.5-rc-1, \u003c 14.10.15"
},
{
"status": "affected",
"version": "\u003e= 15.0-rc-1, \u003c 15.5.2"
},
{
"status": "affected",
"version": "\u003e= 15.6-rc-1, \u003c 15.7-rc-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn\u0027t properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page like the user\u0027s profile (editable by default) as user interface extensions that will be displayed in the search administration can be added on any document by any user. The necessary escaping has been added in XWiki 14.10.15, 15.5.2 and 15.7RC1. As a workaround, the patch can be applied manually applied to the page `XWiki.SearchAdmin`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-15T19:02:46.076Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7654-vfh6-rw6x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7654-vfh6-rw6x"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/62863736d78ffd60d822279c5fb7fb9593042766",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/62863736d78ffd60d822279c5fb7fb9593042766"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-21200",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-21200"
}
],
"source": {
"advisory": "GHSA-7654-vfh6-rw6x",
"discovery": "UNKNOWN"
},
"title": "XWiki Platform RCE from account through SearchAdmin"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50721",
"datePublished": "2023-12-15T19:02:46.076Z",
"dateReserved": "2023-12-11T17:53:36.031Z",
"dateUpdated": "2024-08-02T22:16:47.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48699 (GCVE-0-2023-48699)
Vulnerability from cvelistv5 – Published: 2023-11-21 22:25 – Updated: 2024-08-02 21:37- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
| URL | Tags |
|---|---|
| https://github.com/ubertidavide/fastbots/security… | x_refsource_CONFIRM |
| https://github.com/ubertidavide/fastbots/pull/3#i… | x_refsource_MISC |
| https://github.com/ubertidavide/fastbots/commit/7… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| ubertidavide | fastbots |
Affected:
< 0.1.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:53.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ubertidavide/fastbots/security/advisories/GHSA-vccg-f4gp-45x9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ubertidavide/fastbots/security/advisories/GHSA-vccg-f4gp-45x9"
},
{
"name": "https://github.com/ubertidavide/fastbots/pull/3#issue-2003080806",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ubertidavide/fastbots/pull/3#issue-2003080806"
},
{
"name": "https://github.com/ubertidavide/fastbots/commit/73eb03bd75365e112b39877e26ef52853f5e9f57",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ubertidavide/fastbots/commit/73eb03bd75365e112b39877e26ef52853f5e9f57"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "fastbots",
"vendor": "ubertidavide",
"versions": [
{
"status": "affected",
"version": "\u003c 0.1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with python code that without proper validation it\u0027s executed and it could lead to rce. The vulnerability is in the function `def __locator__(self, locator_name: str)` in `page.py`. In order to mitigate this issue, upgrade to fastbots version 0.1.5 or above."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-21T22:25:41.183Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ubertidavide/fastbots/security/advisories/GHSA-vccg-f4gp-45x9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ubertidavide/fastbots/security/advisories/GHSA-vccg-f4gp-45x9"
},
{
"name": "https://github.com/ubertidavide/fastbots/pull/3#issue-2003080806",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ubertidavide/fastbots/pull/3#issue-2003080806"
},
{
"name": "https://github.com/ubertidavide/fastbots/commit/73eb03bd75365e112b39877e26ef52853f5e9f57",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ubertidavide/fastbots/commit/73eb03bd75365e112b39877e26ef52853f5e9f57"
}
],
"source": {
"advisory": "GHSA-vccg-f4gp-45x9",
"discovery": "UNKNOWN"
},
"title": "fastbots Eval Injection vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-48699",
"datePublished": "2023-11-21T22:25:41.183Z",
"dateReserved": "2023-11-17T19:43:37.553Z",
"dateUpdated": "2024-08-02T21:37:53.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46731 (GCVE-0-2023-46731)
Vulnerability from cvelistv5 – Published: 2023-11-06 18:47 – Updated: 2024-09-05 14:34| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/… | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/fe… | x_refsource_MISC |
| https://github.com/xwiki/xwiki-platform/commit/fe… | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-21110 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| xwiki | xwiki-platform |
Affected:
org.xwiki.platform:xwiki-platform-administration : < 14.10.14
Affected: org.xwiki.platform:xwiki-platform-administration-ui: < 14.10.14 Affected: org.xwiki.platform:xwiki-platform-administration-ui: >= 15.0-rc-1, < 15.5.1 |
|
| xwiki | xwiki |
Affected:
0 , < 14.10.14
(custom)
Affected: 15.0 , < 15.5.1 (custom) cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-62pr-qqf7-hh89",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-62pr-qqf7-hh89"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a#diff-6271f9be501f30b2ba55459eb451aee3413d34171ba8198a77c865306d174e23",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a#diff-6271f9be501f30b2ba55459eb451aee3413d34171ba8198a77c865306d174e23"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-21110",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.xwiki.org/browse/XWIKI-21110"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xwiki",
"vendor": "xwiki",
"versions": [
{
"lessThan": "14.10.14",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "15.5.1",
"status": "affected",
"version": "15.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46731",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T14:31:01.182469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T14:34:27.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xwiki-platform",
"vendor": "xwiki",
"versions": [
{
"status": "affected",
"version": "org.xwiki.platform:xwiki-platform-administration : \u003c 14.10.14"
},
{
"status": "affected",
"version": "org.xwiki.platform:xwiki-platform-administration-ui: \u003c 14.10.14"
},
{
"status": "affected",
"version": "org.xwiki.platform:xwiki-platform-administration-ui: \u003e= 15.0-rc-1, \u003c 15.5.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn\u0027t properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document `XWiki.AdminSheet` (by default, everyone including unauthenticated users) to execute code including Groovy code. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This vulnerability has been patched in XWiki 14.10.14, 15.6 RC1 and 15.5.1. Users are advised to upgrade. Users unablr to upgrade may apply the fix in commit `fec8e0e53f9` manually. Alternatively, to protect against attacks from unauthenticated users, view right for guests can be removed from this document (it is only needed for space and wiki admins)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-06T18:47:49.279Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-62pr-qqf7-hh89",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-62pr-qqf7-hh89"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a#diff-6271f9be501f30b2ba55459eb451aee3413d34171ba8198a77c865306d174e23",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a#diff-6271f9be501f30b2ba55459eb451aee3413d34171ba8198a77c865306d174e23"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-21110",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-21110"
}
],
"source": {
"advisory": "GHSA-62pr-qqf7-hh89",
"discovery": "UNKNOWN"
},
"title": "Remote code execution through the section parameter in Administration as guest in XWiki Platform"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46731",
"datePublished": "2023-11-06T18:47:49.279Z",
"dateReserved": "2023-10-25T14:30:33.751Z",
"dateUpdated": "2024-09-05T14:34:27.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40177 (GCVE-0-2023-40177)
Vulnerability from cvelistv5 – Published: 2023-08-23 20:11 – Updated: 2024-10-03 13:41- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/… | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/df… | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-7369 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| xwiki | xwiki-platform |
Affected:
>= 4.3-milestone-2, < 14.10.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5mf8-v43w-mfxp",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5mf8-v43w-mfxp"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/dfb1cde173e363ca5c12eb3654869f9719820262",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/dfb1cde173e363ca5c12eb3654869f9719820262"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-7369",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.xwiki.org/browse/XWIKI-7369"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40177",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T13:41:24.610232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T13:41:37.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xwiki-platform",
"vendor": "xwiki",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.3-milestone-2, \u003c 14.10.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is present since version 4.3M2 when AppWithinMinutes Application added support for the Content field, allowing any wiki page (including the user profile page) to use its content as an AWM Content field, which has a custom displayer that executes the content with the rights of the ``AppWithinMinutes.Content`` author, rather than the rights of the content author. The vulnerability has been fixed in XWiki 14.10.5 and 15.1RC1. The fix is in the content of the AppWithinMinutes.Content page that defines the custom displayer. By using the ``display`` script service to render the content we make sure that the proper author is used for access rights checks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T20:11:45.227Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5mf8-v43w-mfxp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5mf8-v43w-mfxp"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/dfb1cde173e363ca5c12eb3654869f9719820262",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/dfb1cde173e363ca5c12eb3654869f9719820262"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-7369",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-7369"
}
],
"source": {
"advisory": "GHSA-5mf8-v43w-mfxp",
"discovery": "UNKNOWN"
},
"title": "XWiki Platform privilege escalation (PR) from account through AWM content fields"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-40177",
"datePublished": "2023-08-23T20:11:45.227Z",
"dateReserved": "2023-08-09T15:26:41.052Z",
"dateUpdated": "2024-10-03T13:41:37.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37909 (GCVE-0-2023-37909)
Vulnerability from cvelistv5 – Published: 2023-10-25 17:09 – Updated: 2024-09-17 13:37- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/… | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/9e… | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-20746 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| xwiki | xwiki-platform |
Affected:
>= 5.1-rc-1, < 14.10.8
Affected: >= 15.0-rc-1, < 15.3-rc-1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:23:27.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v2rr-xw95-wcjx",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v2rr-xw95-wcjx"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/9e8f080094333dec63a8583229a3799208d773be",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/9e8f080094333dec63a8583229a3799208d773be"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-20746",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.xwiki.org/browse/XWIKI-20746"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37909",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T18:39:07.513308Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:37:52.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xwiki-platform",
"vendor": "xwiki",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.1-rc-1, \u003c 14.10.8"
},
{
"status": "affected",
"version": "\u003e= 15.0-rc-1, \u003c 15.3-rc-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.8 and 15.3-rc-1 by adding proper escaping. As a workaround, the patch can be manually applied to the document `Menu.UIExtensionSheet`; only three lines need to be changed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T17:09:59.187Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v2rr-xw95-wcjx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v2rr-xw95-wcjx"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/9e8f080094333dec63a8583229a3799208d773be",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/9e8f080094333dec63a8583229a3799208d773be"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-20746",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-20746"
}
],
"source": {
"advisory": "GHSA-v2rr-xw95-wcjx",
"discovery": "UNKNOWN"
},
"title": "Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-37909",
"datePublished": "2023-10-25T17:09:59.187Z",
"dateReserved": "2023-07-10T17:51:29.611Z",
"dateUpdated": "2024-09-17T13:37:52.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Strategy: Refactoring
If possible, refactor your code so that it does not need to use eval() at all.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation
- Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180, CWE-181). Make sure that your application does not inadvertently decode the same input twice (CWE-174). Such errors could be used to bypass allowlist schemes by introducing dangerous inputs after they have been checked. Use libraries such as the OWASP ESAPI Canonicalization control.
- Consider performing repeated canonicalization until your input does not change any more. This will avoid double-decoding and similar scenarios, but it might inadvertently modify inputs that are allowed to contain properly-encoded dangerous content.
Mitigation
For Python programs, it is frequently encouraged to use the ast.literal_eval() function instead of eval, since it is intentionally designed to avoid executing code. However, an adversary could still cause excessive memory or stack consumption via deeply nested structures [REF-1372], so the python documentation discourages use of ast.literal_eval() on untrusted data [REF-1373].
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.