## https://sploitus.com/exploit?id=E3867F9E-A1DF-5CB7-833A-7923D44DA739
# CVE-2023-22527

โš ๏ธ This script is for defensive purposes and should be used by cybersecurity professionals to identify possible vulnerable Atlassian Confluence servers and make contact as soon as possible with the affected organizations.

# Description

### CVE-2023-22527 - Server-side Template Injection (SSTI) vulnerability allowing Remote Code Execution (RCE) in Confluence Data Center and Confluence Server

*Products and Versions affected:*

| Product                           | Affected Versions                                        |
| :-------------------------------- | :------------------------------------------------------- |
| Confluence Data Center and Server | 8.0.x <br />8.2.x<br />8.3.x<br />8.4.x<br />8.5.0-8.5.3 |

- **CVSS:** 10.0
- **Actively Exploited:** YES
- **Patch:** YES
- **Mitigation:** NO
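To turn the affected-versions table above into an inventory check, here is an added Python example (not the repository's script) that classifies Confluence version strings against the listed ranges and keeps unparseable entries in a separate "unknown" bucket instead of reporting them as safe. The host names and the inventory are constructed for illustration.

```python
import re
from typing import Optional, Tuple

# Affected 8.x minor lines from the table above: None means every patch release,
# (low, high) an inclusive patch range. 8.1.x is absent because the table omits it.
AFFECTED_8X = {0: None, 2: None, 3: None, 4: None, 5: (0, 3)}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")

def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from a version string, or None if it does not parse."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(x) for x in m.groups()) if m else None

def is_affected(version: str) -> Optional[bool]:
    """True/False against the table; None when unparseable, so bad data is not reported as safe."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    major, minor, patch = parsed
    if major != 8 or minor not in AFFECTED_8X:
        return False
    patch_range = AFFECTED_8X[minor]
    if patch_range is None:
        return True
    low, high = patch_range
    return low <= patch <= high

def triage(inventory):
    """Split (host, version) pairs into affected, not-affected and unknown buckets."""
    affected, clear, unknown = [], [], []
    for host, ver in inventory:
        result = is_affected(ver)
        bucket = unknown if result is None else (affected if result else clear)
        bucket.append((host, ver))
    return affected, clear, unknown

# Constructed sample inventory (hypothetical hosts, not real systems).
INVENTORY = [
    ("wiki-a.example.internal", "8.5.3"),
    ("wiki-b.example.internal", "8.5.4"),
    ("wiki-c.example.internal", "8.0.4"),
    ("wiki-d.example.internal", "7.19.17"),
    ("wiki-e.example.internal", "n/a"),
]

if __name__ == "__main__":
    for label, rows in zip(("affected", "not affected", "unknown"), triage(INVENTORY)):
        print(f"{label}: {rows}")
```

Anything landing in the "unknown" bucket should be checked by hand rather than assumed patched.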

# Help

```
usage: CVE-2023-22527.py [-h] -u URL [-c COMMAND]

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Atlassian Confluence Server URL
  -c COMMAND, --command COMMAND
                        Command to Execute
```

**Example:** `python CVE-2023-22527.py -u https://10.10.12.2 -c whoami`

# Atlassian Confluence Servers by SHADOWSERVER:

![map](https://github.com/yoryio/CVE-2023-22527/assets/134471901/e39842f1-7db5-4a65-a9f1-7ad9ef3b583a)
# References
- [Atlassian Confluence - Remote Code Execution (CVE-2023-22527)](https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution/)
- [Shadowserver Atlassian Statistics](https://dashboard.shadowserver.org/statistics/iot-devices/map/?day=2024-01-23&vendor=atlassian&model=confluence&geo=all&data_set=count&scale=log)
- [CVE-2023-22527 - RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server](https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html)