Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-22980 PoC — Spring Data MongoDB 安全漏洞

Source
https://github.com/Vulnmachines/Spring_cve-2022-22980
Associated Vulnerability
Title:Spring Data MongoDB 安全漏洞 (CVE-2022-22980)
Description:A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
Description
spring data mongodb remote code execution | cve-2022-22980 poc
Readme
# Spring_cve-2022-22980
spring data mongodb remote code execution | cve-2022-22980 poc

## Description 
A Spring Data MongoDB application is vulnerable to #SpEL #injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.

### [Video POC](https://www.youtube.com/watch?v=CTYyadO2IuQ)

## Follow us for latest exploit POC

### [YouTube](https://www.youtube.com/c/vulnmachines)
### [Twitter](https://www.twitter.com/vulnmachines)
### [Facebook](https://www.facebook.com/vulnmachines)
### [LinkedIn](https://www.linkedin.com/company/vulnmachines)
File Snapshot

 [4.0K]  /data/pocs/f3f59f7cfaa4f37df79c7333629b7fcf7a7426e4
├── [ 207]  payload
└── [ 665]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →