CVERadar

CVE-2024-31982

Vendor: XWiki
Severity label: High (the CVSS v3.1 base score of 10.0 is Critical on the CVSS rating scale)
SVRS: 46/100
CVSS v3.1 base score: 10.0/10
EPSS: 0.94101 (roughly a 94% estimated probability of exploitation activity within the next 30 days)

CVE-2024-31982 is a remote code execution vulnerability in XWiki Platform: text submitted to the database search is evaluated as code instead of being treated as a literal search string, so an unauthenticated attacker who can reach the search page can run arbitrary code on the server. The flaw affects the confidentiality, integrity and availability of the whole XWiki installation. The SVRS of 46 on its own indicates moderate risk, but exploits are being used in the wild, so prompt patching is strongly advised. Upgrade to XWiki 14.10.20, 15.5.4 or 15.10RC1. If an upgrade is not possible immediately, apply the fix commits to the Main.DatabaseSearch page, or delete that page if database search is not used.

Tags: In The Wild; Exploit Available
Reference types: x_refsource_CONFIRM, x_refsource_MISC
CVSS v3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (network-reachable, low attack complexity, no privileges, no user interaction, changed scope, high impact on confidentiality, integrity and availability)
Published: 2024-04-10
Last updated: 2025-02-13
SOCRadar AI Insight

Description

CVE-2024-31982 is a critical vulnerability in XWiki Platform, a generic wiki platform. The Main.DatabaseSearch page passes the user-supplied search text into dynamically evaluated wiki content instead of escaping it (CWE-95, eval injection), so a crafted search string is executed as code on the server, compromising the confidentiality, integrity, and availability of the entire XWiki installation. The vulnerability has been patched in XWiki 14.10.20, 15.5.4, and 15.10RC1.

Key Insights

  • The vulnerability has a CVSS v3.1 base score of 10.0, the maximum: it is reachable from the network without privileges or user interaction, and a successful exploit changes scope.
  • The SOCRadar Vulnerability Risk Score (SVRS) shown for this CVE is 46/100, a moderate score; the active exploitation, not the SVRS, is what makes patching urgent.
  • Public exploit code has been published, and the vulnerability is being actively exploited in the wild.

Mitigation Strategies

  • Update to XWiki 14.10.20, 15.5.4, or 15.10RC1.
  • If you cannot upgrade yet, apply the fix commits (linked under References) to the page Main.DatabaseSearch by hand.
  • Delete the page Main.DatabaseSearch if database search is not explicitly used.
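Two checks that go with the mitigation steps above, as an added example that is not SOCRadar's or XWiki's code: a version comparison against the fixed releases this page names, and a triage pass over web-server access logs for requests to the DatabaseSearch page whose search text carries macro markup. The fixed versions are the page's; everything else is an assumption and is labelled as such in the code: the request path `/bin/<action>/Main/DatabaseSearch`, the `text` query parameter, the patterns treated as suspicious (XWiki `{{name}}` macro markup and the `}}}` that closes a verbatim block), and the three sample log lines, which are constructed.

```python
"""Two checks for CVE-2024-31982 (XWiki DatabaseSearch eval injection).

Added example: this is not SOCRadar's or XWiki's code. Assumptions are
marked inline; the fixed versions are the ones named in the advisory.
"""
import re
from urllib.parse import parse_qs, urlsplit

# --- 1. Version check -------------------------------------------------------

# Accepts "14.10.19", "15.5.4", "15.10RC1", "15.10-rc-1", "15.10-milestone-1".
_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)(?:\.(\d+))?(?:[-.]?(milestone|m|rc)[-.]?(\d+))?$",
    re.IGNORECASE,
)
_PRE_RANK = {"milestone": 0, "m": 0, "rc": 1}  # a final release ranks 2


def parse_version(text):
    """Return (major, minor, patch, pre_rank, pre_num) in XWiki release order."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version: {text!r}")
    major, minor, patch, pre, num = m.groups()
    rank = _PRE_RANK[pre.lower()] if pre else 2
    return int(major), int(minor), int(patch or 0), rank, int(num or 0)


def is_fixed_version(text):
    """True if this release carries the fix (14.10.20, 15.5.4, 15.10RC1 or later)."""
    major, minor, patch, rank, num = parse_version(text)
    if major >= 16:
        return True                       # assumption: later lines inherit the fix
    if major == 15:
        if minor >= 10:                   # 15.10RC1 is the first fixed 15.10 build
            return (minor, rank, num) >= (10, 1, 1)
        if minor == 5:                    # 15.5.x bugfix branch
            return patch >= 4
        return False                      # 15.0-15.4 and 15.6-15.9: no fixed release
    if major == 14:                       # 14.10.x bugfix branch
        return (minor, patch) >= (10, 20)
    return False


# --- 2. Access-log triage ---------------------------------------------------

# Constructed sample lines in Apache combined format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [22/Jun/2024:10:15:32 +0000] "GET /xwiki/bin/get/Main/DatabaseSearch?outputSyntax=plain&text=%7D%7D%7D%7B%7Bgroovy%7D%7Dprintln%281%2B1%29%7B%7B%2Fgroovy%7D%7D HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.5 - - [22/Jun/2024:10:16:01 +0000] "GET /xwiki/bin/view/Main/DatabaseSearch?text=onboarding+guide HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.9 - - [22/Jun/2024:10:17:44 +0000] "GET /xwiki/bin/view/Main/WebHome HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
"""

_LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')
# Assumption: the search page is reached as /bin/<action>/Main/DatabaseSearch
# and the query text travels in the `text` parameter.
_SEARCH_PATH_RE = re.compile(r"/bin/\w+/Main/DatabaseSearch/?$")
# Assumption: legitimate search strings do not contain XWiki macro markup
# ({{name}} / {{/name}}) or the }}} that closes a verbatim block.
_MACRO_RE = re.compile(r"\{\{/?\s*\w+|\}\}\}")


def suspicious_search_text(text):
    """True if a decoded search string carries macro or verbatim-closing markup."""
    return bool(_MACRO_RE.search(text))


def scan_access_log(lines):
    """Return one dict per DatabaseSearch request whose text looks like an injection."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        ip, when, method, target = m.groups()
        url = urlsplit(target)
        if not _SEARCH_PATH_RE.search(url.path):
            continue
        # parse_qs percent-decodes, so %7B%7B becomes {{ before matching.
        for text in parse_qs(url.query).get("text", []):
            if suspicious_search_text(text):
                hits.append({"ip": ip, "time": when, "method": method, "text": text})
    return hits


if __name__ == "__main__":
    for v in ("14.10.19", "14.10.20", "15.5.3", "15.9", "15.10RC1", "16.2.0"):
        print(f"{v:>10}: {'fixed' if is_fixed_version(v) else 'VULNERABLE'}")
    for hit in scan_access_log(SAMPLE_LOG.splitlines()):
        print("suspicious search from", hit["ip"], "at", hit["time"], "->", hit["text"])
```

Two caveats when using this for triage: access logs only show query strings, so a payload sent in a POST body is invisible here and needs the application or WAF log instead; and a hit records an attempt, not a success. Confirm impact by checking the XWiki version and by looking for unexpected child processes or outbound connections from the XWiki JVM around the request time.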

Additional Information

  • The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about this vulnerability and called for immediate remediation.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
bigb0x/CVE-2024-31982 | https://github.com/bigb0x/CVE-2024-31982 | 2024-06-22

News

CVE-2024-31982 | XWiki xwiki-platform-search-ui DatabaseSearch neutralization of directives (vuldb.com, 2025-03-26)

A vulnerability classified as critical was found in XWiki xwiki-platform-search-ui. This vulnerability affects unknown code of the component DatabaseSearch. The manipulation leads to improper neutralization of directives in dynamically evaluated code ('eval injection'). This vulnerability was named CVE-2024-31982. The attack can be initiated remotely. Furthermore

Social Media

16 new OPEN, 35 new PRO (16 + 19) Sitecore CMS (CVE-2019-9874), TBK DVR Devices (CVE-2024-3721), XWiki Groovy (CVE-2024-31982), ExEvil, LandUpdate808, SecTopRAT, TA569, Win32/Lumma Stealer, Win32/XWorm, Win32/zgRAT https://t.co/qLarf20oJb
About Remote Code Execution - #XWiki Platform (CVE-2024-31982). An exploit PoC was provided by XWiki developers in their vulnerability bulletin. 🤷‍♂️ Functional scripts for exploiting this vulnerability have been available on GitHub since June 22. ➡️ https://t.co/DnpzOtBnqO https://t.co/RIixjdaJvM
#ThreatProtection #CVE-2024-31982 - #XWiki #RCE #vulnerability, read more about Symantec's protection: https://t.co/BoSxnAlIrB
csirt_it: The Cyber Week of 30 June 2024: 🔹 updates for Elastic NV, Progress, GitLab, LibreOffice, Google, Netgear 🔹 public PoCs for CVE-2024-5276, CVE-2024-5806 and CVE-2024-31982 🔹 compromise of WordPress plugins 🔗 … https://t.co/zG6Ipi72f8
POC and bulk scanner for CVE-2024-31982: XWiki Platform Remote Code Execution. https://t.co/Z5qZ3nPsrE This provided tool is for educational purposes only. I do not encourage, condone, or support unauthorized access to any system. #RCE #Exploit #CyberSecurity #infosecurity https://t.co/kCZHk1eGVN

Affected Software

Configuration 1
Type | Vendor | Product
App | xwiki | xwiki

References

Reference | Link
XWiki security advisory | https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2858-8cfx-69m9
XWiki issue tracker | https://jira.xwiki.org/browse/XWIKI-21472
Fix commit | https://github.com/xwiki/xwiki-platform/commit/3c9e4bb04286de94ad24854026a09fa967538e31
Fix commit | https://github.com/xwiki/xwiki-platform/commit/459e968be8740c8abc2a168196ce21e5ba93cfb8
Fix commit | https://github.com/xwiki/xwiki-platform/commit/95bdd6cc6298acdf7f8f21298d40eeb8390a8565
Third-party write-up | https://www.vicarius.io/vsociety/posts/xwiki-rce-cve-2024-31982

CWE Details

CWE ID | CWE Name | Description
CWE-95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. eval).
CWE-94 | Improper Control of Generation of Code ('Code Injection') | The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
