Main Vulnerability Database Exploits ID:8910 - Exploit for Code Injection in Atlassian Confluence Server - CVE-2021-26084

ID:8910 - Exploit for Code Injection in Atlassian Confluence Server - CVE-2021-26084

Published: March 13, 2023

Vulnerability identifier: #VU56249

Vulnerability risk: High

CVE-ID: CVE-2021-26084

CWE-ID: CWE-94

Exploitation vector: Remote access

Vulnerable software:
Atlassian Confluence Server

Link to public exploit:

https://github.com/smadi0x01/CVE-2021-26084

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted request, perform the OGNL injection and execute arbitrary code on the system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that the "Allow people to sign up to create their account" option is enabled.

Note, as of September 3 the vulnerability is being actively exploited in the wild.

Remediation

Install updates from vendor's website.

ID:8910 - Exploit for Code Injection in Atlassian Confluence Server - CVE-2021-26084

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human