CVE-2017-11467

CRITICAL EXPLOITED IN THE WILD

OrientDB < 2.2.22 - Remote Code Execution via Unprivileged Query Operations

Title source: llm

Exploitation Summary

CVE-2017-11467 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 2 public exploits from researchers including SecuriTeam, Francis Alexander - Beyond Security\, , # Public PoC, including a Metasploit module exploits/multi/http/orientdb_exec.

AI-analyzed exploit summary This exploit leverages a privilege escalation vulnerability in OrientDB (CVE-2017-11467) where unprivileged users can bypass RBAC restrictions to execute arbitrary Groovy code, leading to remote command execution. The PoC automates privilege escalation and deploys a reverse shell via a crafted Groovy function.

Description

OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.

Exploits (2)

exploitdb WORKING POC

by SecuriTeam · remotewindows

https://www.exploit-db.com/exploits/44068

View Code ZIP pw:eip

This exploit leverages a privilege escalation vulnerability in OrientDB (CVE-2017-11467) where unprivileged users can bypass RBAC restrictions to execute arbitrary Groovy code, leading to remote command execution. The PoC automates privilege escalation and deploys a reverse shell via a crafted Groovy function.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: OrientDB 2.2.x and above

Auth required

Prerequisites: Network access to OrientDB server · Valid credentials for a low-privileged user (e.g., 'writer')

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC GOOD

by Francis Alexander - Beyond Security\, , # Public PoC · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/orientdb_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits a privilege escalation vulnerability in OrientDB 2.2.x to execute unsandboxed OS commands via a crafted Groovy function. It leverages HTTP Basic Auth to create and trigger a malicious function, then cleans up by deleting it.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: OrientDB 2.2.2 to 2.2.22

Auth required

Prerequisites: Valid OrientDB credentials · Network access to OrientDB server (port 2480)

MITRE ATT&CK

T1021 - Remote Services T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory, URL Repurposed x_refsource_misc

http://www.heavensec.org/?p=1703

Third Party Advisory x_refsource_misc

https://github.com/orientechnologies/orientdb/wiki/OrientDB-2.2-Release-Notes#2223---july-11-2017

Scores

CVSS v3 9.8

EPSS 0.7631

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2018-02-01

InTheWild.io 2018-02-18

CWE

CWE-269

Status published

Products (2)

com.orientechnologies/orientdb-core 0 - 2.2.23Maven

orientdb/orientdb < 2.2.22

Published Jul 20, 2017

Tracked Since Feb 18, 2026