Full title: Atlassian Confluence SSTI Injection Exploit 
Category: remote exploits
Platform: multiple
This Metasploit module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable.

# 0day.today @ http://0day.today/