How severe is CVE-2024-31982?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2024-31982?

This is classified as CWE-95, which is a common weakness in software security.

CVE-2024-31982

CRITICAL Year: 2024

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-95

View all →

Vulnerability Description

XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may manually apply the patch to the page `Main.DatabaseSearch`. Alternatively, unless database search is explicitly used by users, this page can be deleted as this is not the default search interface of XWiki.

CVE-2022-36010

CRITICAL

CVSS:9.8(Critical)

This library allows strings to be parsed as functions and stored as a specialized component, [`JsonFunctionValue`](https://github.com/oxyno-zeta/react-editable-json-tree/blob/09a0ca97835b0834ad054563e...

CWE-952022

CVE-2023-0090

CRITICAL

CVSS:9.8(Critical)

The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network a...

CWE-952023

CVE-2023-26323

CRITICAL

CVSS:9.8(Critical)

A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code.

CWE-952023

CVE-2023-26477

CRITICAL

CVSS:9.8(Critical)

XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the `newThemeN...

CWE-952023

CVE-2023-48699

CRITICAL

CVSS:9.8(Critical)

fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with py...

CWE-952023

CVE-2024-21650

CRITICAL

CVSS:9.8(Critical)

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration featu...

CWE-952024

CVE-2024-31982

Vulnerability Description

Related Vulnerabilities

CVE-2022-36010

CVE-2023-0090

CVE-2023-26323

CVE-2023-26477

CVE-2023-48699

CVE-2024-21650