Share
## https://sploitus.com/exploit?id=423DF4D5-60AF-5663-B196-2A67DD13D226
# CVE-2022-26134 PoC

Confluence Server and Data Center - CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability PoC
[<img src="https://thehackernews.com/images/-bf-nviQ7QOQ/YNRYyYeddxI/AAAAAAAAC-k/OjSyvfk4SV81J_vouujuRiwnUcsZCBTyQCLcBGAsYHQ/s0/Atlassian-hacking.jpg">](https://thehackernews.com/images/-bf-nviQ7QOQ/YNRYyYeddxI/AAAAAAAAC-k/OjSyvfk4SV81J_vouujuRiwnUcsZCBTyQCLcBGAsYHQ/s0/Atlassian-hacking.jpg)

# Severity

Atlassian rates the severity level of this vulnerability as critical, according to the scale published in Atlassian severity levels. 
All versions of Confluence Server and Data Center prior to the fixed versions listed above are affected by this vulnerability.

# Fixed Versions
Released versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1 contain a fix for this issue.

# PoC
```
git clone https://github.com/shamo0/CVE-2022-26134.git
cd CVE-2022-26134
python3 exploit.py https://target.com CMD
```


# References

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html

https://github.com/Nwqda/CVE-2022-26134

https://jira.atlassian.com/browse/CONFSERVER-79016

https://bugalert.org/content/notices/2022-06-02-confluence.html