XWiki.RegistrationConfig.Code.Injection
Description
This indicates an attack attempt to exploit a Command Injection Vulnerability in XWiki.
The vulnerability is due to lack of input validation when handling user registration requests. A remote, unauthenticated attacker can exploit this vulnerability by sending maliciously crafted requests to the vulnerable server. Successful exploitation could result in arbitrary code execution in the security context of the application.
Affected Products
XWiki.org XWiki 14.10.x prior to 14.10.17
XWiki.org XWiki 15.5.x prior to 15.5.3
XWiki.org XWiki 15.6
XWiki.org XWiki 15.7
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rj7p-xjv7-7229
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |