CVE-2024-31982
CVSS 3.1 Score 10.0 of 10 (high)
Details
Summary
CVE-2024-31982 is a remote code execution vulnerability affecting the XWiki Platform, a generic wiki solution. Versions 2.4-milestone-1 and earlier, up to 14.10.20, 15.5.4, and 15.10-rc-1 are susceptible to this issue. The flaw lies in XWiki's database search, which attackers can exploit to execute arbitrary code. This vulnerability jeopardizes the confidentiality, integrity, and availability of an XWiki installation. Both public wikis and closed wikis are at risk, because the database search is accessible to all by default. The vulnerability has been patched in XWiki 14.10.20, 15.5.4, and 15.10RC1. As a workaround, users can apply the patch to the `Main.DatabaseSearch` page, or delete the page if it is not in use, as it is not the default search interface of XWiki.
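The version check implied by the summary, as an added example that is not XWiki or Recorded Future code: because the fix landed on three branches, a release such as 15.9 is still affected even though it is newer than 15.5.4. The function names, hostnames and inventory are constructed for illustration, and no lower version bound is applied.

```python
import re

# Fixed releases named in the summary, one per maintained branch.
FIXED_14_10 = (14, 10, 20)
FIXED_15_5 = (15, 5, 4)
FIRST_FIXED_MAINLINE = (15, 10)   # 15.10-rc-1 and everything after it

_VERSION = re.compile(
    r"(\d+)\.(\d+)(?:\.(\d+))?(?:[-.]?(rc|milestone|snapshot)[-.]?\d*)?",
    re.IGNORECASE,
)

def parse_version(text):
    """Parse '14.10.20', '15.10-rc-1', '15.10RC1' or '2.4-milestone-1'."""
    m = _VERSION.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version: {text!r}")
    pre = m.group(4).lower() if m.group(4) else None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0), pre

def is_affected(version):
    """True if the version predates the fix on its branch."""
    # Assumption: every release older than the fixed ones counts as affected.
    major, minor, patch, pre = parse_version(version)
    if (major, minor) == (14, 10):
        return (major, minor, patch) < FIXED_14_10
    if (major, minor) == (15, 5):
        return (major, minor, patch) < FIXED_15_5
    if (major, minor, patch) == (15, 10, 0):
        # rc-1 is the first fixed build; earlier pre-releases of 15.10
        # are not confirmed fixed, so flag them.
        return pre in ("milestone", "snapshot")
    return (major, minor) < FIRST_FIXED_MAINLINE

def triage(inventory):
    """Return the sorted hosts from {host: version} that still need the fix."""
    return sorted(h for h, v in inventory.items() if is_affected(v))

# Constructed inventory for illustration; hostnames are placeholders.
SAMPLE_INVENTORY = {
    "wiki-a.example": "14.10.19",
    "wiki-b.example": "14.10.20",
    "wiki-c.example": "15.5.4",
    "wiki-d.example": "15.9",
    "wiki-e.example": "15.10-rc-1",
}

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Hosts the check flags still need either the upgrade or the `Main.DatabaseSearch` workaround described above.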