|Category:||Web application abuses|
|Title:||XWiki < 11.10.6, 12.x < 12.5 RCE Vulnerability|
|Summary:||XWiki is prone to a remote code execution vulnerability.|
Any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to
the application server Servlet context, which contains tools that allow instantiating arbitrary Java objects and
invoking methods, which may lead to arbitrary code execution.
XWiki prior to version 11.10.6 or 12.5.
Update to version 11.10.6, 12.5 or later.
Common Vulnerability Exposure (CVE) ID: CVE-2020-15252|
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|