cve/2022/CVE-2022-26134.md

### [CVE-2022-26134](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26134)
![](https://img.shields.io/static/v1?label=Product&message=Confluence%20Data%20Center&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Confluence%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3E%201.3.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20Code%20Execution&color=brighgreen)

### Description

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

### POC

#### Reference
- http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html

#### Github
- https://github.com/0x14dli/cve2022-26134exp
- https://github.com/0x783kb/Security-operation-book
- https://github.com/0xAgun/CVE-2022-26134
- https://github.com/0xNslabs/CVE-2022-36553-PoC
- https://github.com/0xStrygwyr/OSCP-Guide
- https://github.com/0xZipp0/OSCP
- https://github.com/0xsyr0/OSCP
- https://github.com/1337in/CVE-2022-26134web
- https://github.com/1derian/pocsuite3_pro
- https://github.com/1rm/Confluence-CVE-2022-26134
- https://github.com/20142995/Goby
- https://github.com/20142995/pocsuite3
- https://github.com/20142995/sectool
- https://github.com/2212970396/CVE_2022_26134
- https://github.com/2591014574/all-Def-Tool
- https://github.com/2lambda123/panopticon-unattributed
- https://github.com/34zY/APT-Backpack
- https://github.com/404fu/CVE-2022-26134-POC
- https://github.com/404tk/lazyscan
- https://github.com/5l1v3r1/CVE-2022-26141
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/AmoloHT/CVE-2022-26134
- https://github.com/Awrrays/FrameVul
- https://github.com/BBD-YZZ/Confluence-RCE
- https://github.com/BeichenDream/CVE-2022-26134-Godzilla-MEMSHELL
- https://github.com/Brucetg/CVE-2022-26134
- https://github.com/CJ-0107/cve-2022-26134
- https://github.com/CLincat/vulcat
- https://github.com/CatAnnaDev/CVE-2022-26134
- https://github.com/Chocapikk/CVE-2022-26134
- https://github.com/ColdFusionX/CVE-2022-26134
- https://github.com/CuriousLearnerDev/Full-Scanner
- https://github.com/CyberDonkyx0/CVE-2022-26134
- https://github.com/DARKSTUFF-LAB/-CVE-2022-26134
- https://github.com/DallasWmk/censys_takehome
- https://github.com/DataDog/security-labs-pocs
- https://github.com/Debajyoti0-0/CVE-2022-26134
- https://github.com/ExpLangcn/HVVExploitApply_POC
- https://github.com/GibzB/THM-Captured-Rooms
- https://github.com/Goqi/Banli
- https://github.com/Habib0x0/CVE-2022-26134
- https://github.com/HimmelAward/Goby_POC
- https://github.com/JERRY123S/all-poc
- https://github.com/Jean-Francois-C/Windows-Penetration-Testing
- https://github.com/KeepWannabe/BotCon
- https://github.com/Loginsoft-LLC/Linux-Exploit-Detection
- https://github.com/Loginsoft-Research/Linux-Exploit-Detection
- https://github.com/Lotus6/ConfluenceMemshell
- https://github.com/Luchoane/CVE-2022-26134_conFLU
- https://github.com/Ly0nt4r/OSCP
- https://github.com/MaskCyberSecurityTeam/CVE-2022-26134_Behinder_MemShell
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/Muhammad-Ali007/Atlassian_CVE-2022-26134
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/Nwqda/CVE-2022-26134
- https://github.com/OrangeHacking-CyberSecurity/kali-build-config
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Panopticon-Project/panopticon-AdoptElf
- https://github.com/Panopticon-Project/panopticon-DFM
- https://github.com/Panopticon-Project/panopticon-DefineElf
- https://github.com/Panopticon-Project/panopticon-ScenarioElf
- https://github.com/Panopticon-Project/panopticon-unattributed
- https://github.com/PsykoDev/CVE-2022-26134
- https://github.com/PyterSmithDarkGhost/0DAYEXPLOITAtlassianConfluenceCVE-2022-26134
- https://github.com/ReAbout/web-sec
- https://github.com/SIFalcon/confluencePot
- https://github.com/SNCKER/CVE-2022-26134
- https://github.com/SYRTI/POC_to_review
- https://github.com/Sakura-nee/CVE-2022-26134
- https://github.com/SenukDias/OSCP_cheat
- https://github.com/SirElmard/ethical_hacking
- https://github.com/StarCrossPortal/scalpel
- https://github.com/SummerSec/SpringExploit
- https://github.com/Sylon001/Common-tool
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Awesome-Redteam
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/UsagiB4/An_Idiots_writeups_on_THM
- https://github.com/Vulnmachines/Confluence-CVE-2022-26134
- https://github.com/W01fh4cker/Serein
- https://github.com/WhooAmii/POC_to_review
- https://github.com/Whoopsunix/whoopsunix.github.io
- https://github.com/Y000o/Confluence-CVE-2022-26134
- https://github.com/Z0fhack/Goby_POC
- https://github.com/ZWDeJun/ZWDeJun
- https://github.com/Zhao-sai-sai/Full-Scanner
- https://github.com/abhishekmorla/CVE-2022-26134
- https://github.com/acfirthh/CVE-2022-26134
- https://github.com/alcaparra/CVE-2022-26134
- https://github.com/anonymous364872/Rapier_Tool
- https://github.com/anquanscan/sec-tools
- https://github.com/apif-review/APIF_tool_2024
- https://github.com/archanchoudhury/Confluence-CVE-2022-26134
- https://github.com/axingde/CVE-2022-26134
- https://github.com/aymankhder/Windows-Penetration-Testing
- https://github.com/b4dboy17/CVE-2022-26134
- https://github.com/badboy-sft/CVE-2022-26134
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/bigblackhat/oFx
- https://github.com/cai-niao98/CVE-2022-26134
- https://github.com/cbk914/CVE-2022-26134_check
- https://github.com/chaosec2021/EXP-POC
- https://github.com/chendoy/chendoy
- https://github.com/coskper-papa/CVE-2022-26134
- https://github.com/crac-learning/CVE-analysis-reports
- https://github.com/crowsec-edtech/CVE-2022-26134
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/d-rn/vulBox
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/dabaibuai/dabai
- https://github.com/demining/Log4j-Vulnerability
- https://github.com/domsum03/Researched-Top-APT-Groups
- https://github.com/e-hakson/OSCP
- https://github.com/eljosep/OSCP-Guide
- https://github.com/enomothem/PenTestNote
- https://github.com/exfilt/CheatSheet
- https://github.com/f4yd4-s3c/cve-2022-26134
- https://github.com/getastra/hypejab
- https://github.com/getdrive/PoC
- https://github.com/guchangan1/All-Defense-Tool
- https://github.com/h3v0x/CVE-2022-26134
- https://github.com/hab1b0x/CVE-2022-26134
- https://github.com/hev0x/CVE-2022-26134
- https://github.com/hktalent/TOP
- https://github.com/hktalent/bug-bounty
- https://github.com/huan-cdm/secure_tools_link
- https://github.com/huimzjty/vulwiki
- https://github.com/iluaster/getdrive_PoC
- https://github.com/incogbyte/CVE_2022_26134-detect
- https://github.com/itwestend/cve_2022_26134
- https://github.com/iveresk/cve-2022-26134
- https://github.com/jbaines-r7/through_the_wire
- https://github.com/jbmihoub/all-poc
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/k8gege/Ladon
- https://github.com/kailing0220/CVE-2020-13937
- https://github.com/kailing0220/CVE-2022-26134
- https://github.com/kelemaoya/CVE-2022-26134
- https://github.com/keven1z/CVE-2022-26134
- https://github.com/keven1z/redTeamGadget
- https://github.com/kevinnivekkevin/3204_coursework_1
- https://github.com/kgwanjala/oscp-cheatsheet
- https://github.com/kh4sh3i/CVE-2022-26134
- https://github.com/khulnasoft-lab/awesome-security
- https://github.com/khulnasoft-labs/awesome-security
- https://github.com/kyxiaxiang/CVE-2022-26134
- https://github.com/lalsaady/CensysProj
- https://github.com/langu-xyz/JavaVulnMap
- https://github.com/latings/CVE-2022-26134
- https://github.com/li8u99/CVE-2022-26134
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/loobug/stools
- https://github.com/mamba-2021/EXP-POC
- https://github.com/manas3c/CVE-POC
- https://github.com/merlinepedra25/AttackWebFrameworkTools-5.0
- https://github.com/murataydemir/CVE-2022-26134
- https://github.com/nitishbadole/oscp-note-3
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/nxtexploit/CVE-2022-26134
- https://github.com/offlinehoster/CVE-2022-26134
- https://github.com/onewinner/VulToolsKit
- https://github.com/openx-org/BLEN
- https://github.com/oscpname/OSCP_cheat
- https://github.com/p4b3l1t0/confusploit
- https://github.com/parth45/cheatsheet
- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
- https://github.com/pipiscrew/timeline
- https://github.com/r1skkam/TryHackMe-Atlassian-CVE-2022-26134
- https://github.com/ravro-ir/golang_bug_hunting
- https://github.com/redhuntlabs/ConfluentPwn
- https://github.com/reph0r/poc-exp
- https://github.com/reph0r/poc-exp-tools
- https://github.com/reubensammut/cve-2022-26134
- https://github.com/revanmalang/OSCP
- https://github.com/rodnt/CVE_2022_26134-detect
- https://github.com/savior-only/javafx_tools
- https://github.com/seeu-inspace/easyg
- https://github.com/shamo0/CVE-2022-26134
- https://github.com/shiftsansan/CVE-2022-26134-Console
- https://github.com/skhalsa-sigsci/CVE-2022-26134-LAB
- https://github.com/sponkmonk/Ladon_english_update
- https://github.com/sunny-kathuria/exploit_CVE-2022-26134
- https://github.com/superfish9/pt
- https://github.com/taielab/awesome-hacking-lists
- https://github.com/tgravvold/bigip-irule-samples
- https://github.com/th3b3ginn3r/CVE-2022-26134-Exploit-Detection
- https://github.com/trganda/dockerv
- https://github.com/trhacknon/CVE-2022-26134
- https://github.com/trhacknon/CVE-2022-26134-bis
- https://github.com/trhacknon/CVE-2022-26134-miam
- https://github.com/trhacknon/Pocingit
- https://github.com/truonghuuphuc/OWASP-ZAP-Scripts
- https://github.com/twoning/CVE-2022-26134-PoC
- https://github.com/txuswashere/OSCP
- https://github.com/unp4ck/CVE_2022_26134-detect
- https://github.com/vesperp/CVE-2022-26134-Confluence
- https://github.com/weeka10/Tools
- https://github.com/whoforget/CVE-POC
- https://github.com/whokilleddb/CVE-2022-26134-Confluence-RCE
- https://github.com/wjlin0/CVE-2022-26134
- https://github.com/x3t2con/Rttools-2
- https://github.com/xanszZZ/ATLASSIAN-Confluence_rce
- https://github.com/xhref/OSCP
- https://github.com/xinyisleep/pocscan
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/yTxZx/CVE-2022-26134
- https://github.com/yTxZx/CVE-2023-23752
- https://github.com/yigexioabai/CVE-2022-26134-cve1
- https://github.com/youcans896768/APIV_Tool
- https://github.com/youwizard/CVE-POC
- https://github.com/yyqxi/CVE-2022-26134
- https://github.com/zecool/cve
- https://github.com/zhangziyang301/All-Defense-Tool
- https://github.com/zhibx/fscan-Intranet