CVE-2023-21742

HIGH EXPLOITED

Microsoft SharePoint Server - Remote Code Execution

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-21742 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including ohnonoyesyes.

AI-analyzed exploit summary This PoC demonstrates an information leakage vulnerability in Microsoft SharePoint by exploiting a property traversal flaw in the ConvertWebPartFormat SOAP endpoint. It leaks sensitive data such as database connection strings via crafted XML payloads.

Description

Microsoft SharePoint Server Remote Code Execution Vulnerability

Exploits (1)

nomisec WORKING POC 14 stars
by ohnonoyesyes · infoleak
https://github.com/ohnonoyesyes/CVE-2023-21742

This PoC demonstrates an information leakage vulnerability in Microsoft SharePoint by exploiting a property traversal flaw in the ConvertWebPartFormat SOAP endpoint. It leaks sensitive data such as database connection strings via crafted XML payloads.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Microsoft SharePoint (versions affected by CVE-2023-21742)
Auth required
Prerequisites: Access to SharePoint SOAP endpoint · Valid authentication credentials
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.5579
EPSS Percentile 98.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

VulnCheck KEV 2023-12-20
CWE
CWE-284
Status published
Products (5)
microsoft/sharepoint_foundation 2013 sp1
microsoft/sharepoint_server
microsoft/sharepoint_server 2013 sp1
microsoft/sharepoint_server 2016
microsoft/sharepoint_server 2019
Published Jan 10, 2023
Tracked Since Feb 18, 2026