CVE-2019-14224

HIGH

Alfresco Community Edition 5.2 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-14224. PoCs published by mbadanoiu.

AI-analyzed exploit summary: The repository provides a technical description of an exploit chain in Alfresco Community involving Solr configuration upload, JMX connection triggering, and RMI deserialization for remote code execution. It references an external PDF for detailed exploitation steps but lacks direct exploit code.

Description

An issue was discovered in Alfresco Community Edition 5.2 201707. By leveraging multiple components in the Alfresco Software applications, an exploit chain was observed that allows an attacker to achieve remote code execution on the victim machine. The attacker must upload malicious Solr configuration files and then receive a JMX connection from the victim, and serve a Java object that results in deserialization and code execution.

Exploits (1)

nomisec WRITEUP
by mbadanoiu · poc
https://github.com/mbadanoiu/CVE-2019-14224

Classification: Writeup 80%
Attack Type: RCE
Complexity: Complex
Reliability: Theoretical
Target: Alfresco Community
Auth required
Prerequisites: Valid Alfresco Admin Console credentials · Access to Alfresco WebDAV or Share · Access to Alfresco Solr interface
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 7.2
EPSS 0.0527
EPSS Percentile 91.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-502
Status published
Products (1)
alfresco/alfresco 5.2
Published Sep 05, 2019
Tracked Since Feb 18, 2026