PoCs/CVE-2025-24893/README.md
2025-08-19 12:38:44 -06:00

CVE-2025-24893 - XWiki RCE

This vulnerability stems from improper sanitization of user input passed in SolrSearch queries. Arbitrary Groovy code can be executed because of a direct evaluate() call.

The vulnerable endpoint here is: /xwiki/bin/get/Main/SolrSearch?media=rss&text=
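
For defenders, requests to this endpoint can be triaged from web access logs. The sketch below is an added example, not code from this repository: it assumes Combined Log Format, uses an assumed heuristic (wiki macro delimiters or the word "groovy" inside the `text` parameter), and runs over constructed sample lines.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
ENDPOINT_SUFFIX = "/bin/get/Main/SolrSearch"  # path named in this README
# Assumed heuristic: macro delimiters or "groovy" do not belong in an
# ordinary search term.
SUSPICIOUS_RE = re.compile(r"\{\{|\}\}|groovy", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding, a common way to slip past filters."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(line):
    """Return 'suspicious', 'endpoint' or None for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.endswith(ENDPOINT_SUFFIX):
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    if "rss" not in [v.lower() for v in params.get("media", [])]:
        return None
    # parse_qs decodes once; fully_decode handles double encoding.
    text = " ".join(fully_decode(v) for v in params.get("text", []))
    return "suspicious" if SUSPICIOUS_RE.search(text) else "endpoint"


# Constructed sample lines (not real traffic; request body is a placeholder).
SAMPLE_LOG = [
    '198.51.100.7 - - [19/Aug/2025:12:00:01 +0000] "GET /xwiki/bin/get/Main/SolrSearch?media=rss&text=release+notes HTTP/1.1" 200 5120',
    '203.0.113.9 - - [19/Aug/2025:12:00:02 +0000] "GET /xwiki/bin/get/Main/SolrSearch?media=rss&text=%7B%7Bgroovy%7D%7DPLACEHOLDER HTTP/1.1" 200 812',
    '203.0.113.9 - - [19/Aug/2025:12:00:03 +0000] "GET /xwiki/bin/get/Main/SolrSearch?media=rss&text=%257B%257BGroovy%257D%257DPLACEHOLDER HTTP/1.1" 200 812',
    '198.51.100.7 - - [19/Aug/2025:12:00:04 +0000] "GET /xwiki/bin/view/Main/WebHome HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line), "|", line.split('"')[1])
```

A result of `endpoint` marks ordinary RSS searches that are still worth counting per source address; `suspicious` lines warrant a closer look at the host that served them.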

License

GPL v3.0 - as all good software should be

Use only with explicit permission from the target system owner.

Remember - don't be a skid :)