CVE-2017-11467

CRITICAL EXPLOITED IN THE WILD

OrientDB <2.2.22 - RCE

Title source: llm

Description

OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.

Exploits (2)

exploitdb WORKING POC

by SecuriTeam · remotewindows

https://www.exploit-db.com/exploits/44068

View Code ZIP pw:eip

metasploit WORKING POC GOOD

by Francis Alexander - Beyond Security\, , # Public PoC · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/orientdb_exec.rb

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, URL Repurposed] http://www.heavensec.org/?p=1703

[Third Party Advisory] https://github.com/orientechnologies/orientdb/wiki/OrientDB-2.2-Release-Notes#2223---july-11-2017

Scores

CVSS v3 9.8

EPSS 0.7631

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2018-02-01

InTheWild.io 2018-02-18

CWE

CWE-269

Status published

Products (2)

com.orientechnologies/orientdb-core 0 - 2.2.23Maven

orientdb/orientdb < 2.2.22

Published Jul 20, 2017

Tracked Since Feb 18, 2026