0xVoodoo
12 lines
355 B
Markdown
12 lines
355 B
Markdown
# CVE-2025-24893 - XWiki RCE
|
|
|
|
This vuln stems from improper user input sanitization when passing SolrSearch queries. Arbitrary groovy code can be executed due to a direct evaluate() call.
|
|
|
|
The vulnerable endpoint here is:
|
|
`/xwiki/bin/get/Main/SolrSearch?media=rss&text=`
|
|
|
|
# License
|
|
GPL v3.0 - as all good software should be
|
|
|
|
Remember - don't be a skid :)
|