## https://sploitus.com/exploit?id=E3867F9E-A1DF-5CB7-833A-7923D44DA739
# CVE-2023-22527
### CVE-2023-22527 - Server-side Template Injection (SSTI) vulnerability allowing Remote Code Execution (RCE) in Confluence Data Center and Confluence Server
![image](https://github.com/yoryio/CVE-2023-22527/assets/134471901/c1fe76f3-102f-440a-8028-c29fba4e8f53)
*Products and Versions affected:*
| Product | Affected Versions |
| :-------------------------------- | :------------------------------------------------------- |
| Confluence Data Center and Server | 8.0.x <br />8.2.x<br />8.3.x<br />8.4.x<br />8.5.0-8.5.3 |
- **CVSS:** 10.0
- **Actively Exploited:** [YES](https://www.cisa.gov/news-events/alerts/2024/01/24/cisa-adds-one-known-exploited-vulnerability-catalog)
- **Patch:** [YES](https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html)
- **Mitigation:** NO
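As an added example that is not part of this repository or of the exploit, the checker below turns the affected-version table above into something a defender can run over an asset inventory: it parses a Confluence version string and reports whether it falls in 8.0.x, 8.2.x, 8.3.x, 8.4.x or 8.5.0-8.5.3. The hostnames and banners in `SAMPLE_INVENTORY` are constructed, and a version outside the listed ranges is reported as "not listed" rather than as confirmed safe.

```python
"""Flag Confluence Data Center / Server installs whose version falls in the
CVE-2023-22527 affected ranges given in the README table.

Added defender-side example, not part of the exploit repository.
Affected ranges (from the table): 8.0.x, 8.2.x, 8.3.x, 8.4.x, 8.5.0-8.5.3.
"""
import re
from typing import Dict, List, Optional, Tuple

# (major, minor, lowest_patch, highest_patch); None bounds mean "every patch".
AFFECTED_RANGES = [
    (8, 0, None, None),
    (8, 2, None, None),
    (8, 3, None, None),
    (8, 4, None, None),
    (8, 5, 0, 3),
]

# Matches "8.5.3" or "8.5" inside a longer banner such as "Confluence 8.4.1-LTS".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)(?:\.(\d+))?\b")


def parse_version(text: str) -> Optional[Tuple[int, int, Optional[int]]]:
    """Return (major, minor, patch) from a version string or banner.

    patch is None when the string only carries major.minor; returns None when
    no version number is present at all.
    """
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), (int(patch) if patch is not None else None)


def is_affected(version: str) -> bool:
    """True if the version lies in one of AFFECTED_RANGES.

    Raises ValueError when the input has no version, or when the range needs
    a patch level (8.5.x) and the input does not give one.
    """
    parsed = parse_version(version)
    if parsed is None:
        raise ValueError(f"no version number found in {version!r}")
    major, minor, patch = parsed
    for r_major, r_minor, lo, hi in AFFECTED_RANGES:
        if (major, minor) != (r_major, r_minor):
            continue
        if lo is None:  # whole minor line is affected, patch level irrelevant
            return True
        if patch is None:
            raise ValueError(f"{version!r}: patch level required to decide 8.5.x")
        return lo <= patch <= hi
    return False


# Constructed sample inventory: hostnames and banners are made up for the example.
SAMPLE_INVENTORY: Dict[str, str] = {
    "wiki-a.example.internal": "Atlassian Confluence 8.5.3",
    "wiki-b.example.internal": "Atlassian Confluence 8.5.4",
    "wiki-c.example.internal": "Atlassian Confluence 8.0.4",
    "wiki-d.example.internal": "Atlassian Confluence 8.1.0",
    "wiki-e.example.internal": "Atlassian Confluence 7.19.17",
}


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the sorted hostnames whose banner version is in an affected range."""
    return sorted(host for host, banner in inventory.items() if is_affected(banner))


if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: version in CVE-2023-22527 affected range, patch required")
```

The check is deliberately strict about 8.5.x: a bare "8.5" banner raises instead of guessing, because 8.5.3 and 8.5.4 sit on opposite sides of the fix boundary in the table.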
# Help
```
usage: CVE-2023-22527.py [-h] -u URL [-c COMMAND]

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Atlassian Confluence Server URL
  -c COMMAND, --command COMMAND
                        Command to Execute
```
**Example:** `python CVE-2023-22527.py -u https://10.10.12.2 -c whoami`
# Lab
You can use TryHackMe's room [Confluence CVE-2023-22515](https://tryhackme.com/room/confluence202322515) to test the exploit, because it runs a Confluence version that is also affected by **CVE-2023-22527**.
# Internet-exposed Atlassian Confluence servers as seen by Shadowserver:
![map](https://github.com/yoryio/CVE-2023-22527/assets/134471901/e39842f1-7db5-4a65-a9f1-7ad9ef3b583a)
# References
- [Where are they now? Starring: Confluence CVE-2023-22527](https://www.labs.greynoise.io/grimoire/2024-03-confluence-where-are-they-now/)
- [Atlassian Confluence - Remote Code Execution (CVE-2023-22527)](https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution/)
- [Shadowserver Atlassian Statistics](https://dashboard.shadowserver.org/statistics/iot-devices/map/?day=2024-01-23&vendor=atlassian&model=confluence&geo=all&data_set=count&scale=log)
- [CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server](https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html)
- [GreyNoise Tag - Atlassian Confluence Template Injection RCE Attempt](https://viz.greynoise.io/tags/atlassian-confluence-template-injection-rce-attempt-cve-2023-22527)
- [CISA Adds One Known Exploited Vulnerability to Catalog](https://www.cisa.gov/news-events/alerts/2024/01/24/cisa-adds-one-known-exploited-vulnerability-catalog)