
42 matches found

VulnCheck KEV
added 2025/11/27 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2025-52472

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is...

9.3 CVSS | 5.7 AI score | 0.0224 EPSS
In wild | Exploits 0 | References 2
Vulnrichment
added 2025/10/20 7:57 p.m. | 4 views

CVE-2025-8052 HQL Injection vulnerability has been discovered in Opentext Flipper.

SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2...

1 CVSS | 7.4 AI score | 0.00326 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/10/07 3:22 p.m. | 4 views

CVE-2025-52472

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is...

9.3 CVSS | 7.2 AI score | 0.0224 EPSS
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2016-2690

Malware in sbrugna...

6.5 CVSS | 6.6 AI score | 0.06606 EPSS
Exploits 3 | References 7
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-4225

Malware in sbrugna...

8.1 CVSS | 8 AI score | 0.01378 EPSS
Exploits 0 | References 2
OSV
added 2025/10/06 8:16 p.m. | 10 views

GHSA-GPRP-H92G-GC2H XWiki Platform is vulnerable to HQL injection via wiki and space search REST API

Impact The REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is added twice in the query, though, once in the field list for the select and once in the order clause, so it's not that easy to exploit. The part of the query between the two fields can b...

9.3 CVSS | 7.4 AI score | 0.0224 EPSS
Exploits 0 | References 6
NVD
added 2025/10/06 3:16 p.m. | 5 views

CVE-2025-52472

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is...

9.3 CVSS | 0.0224 EPSS
Exploits 0 | References 4
Vulnrichment
added 2025/10/06 2:53 p.m. | 2 views

CVE-2025-52472 XWiki Platform vulnerable to HQL injection via wiki and space search REST API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is...

9.3 CVSS | 6.8 AI score | 0.0224 EPSS
Exploits 0 | References 4
Cvelist
added 2025/10/06 2:53 p.m. | 12 views

CVE-2025-52472 XWiki Platform vulnerable to HQL injection via wiki and space search REST API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is...

9.3 CVSS | 0.0224 EPSS
Exploits 0 | References 4
OSV
added 2025/10/06 2:53 p.m. | 6 views

CVE-2025-52472 XWiki Platform vulnerable to HQL injection via wiki and space search REST API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the orderField parameter. The specified value is...

9.3 CVSS | 6.9 AI score | 0.0224 EPSS
Exploits 0 | References 6
CVE
added 2025/10/06 2:53 p.m. | 54 views

CVE-2025-52472

XWiki Platform is vulnerable to Hibernate Query Language (HQL) injection in the wiki/space search REST API. Affected versions are 4.3-milestone-1 up to but not including 16.10.9, 17.4.2, and 17.5.0. The vulnerability arises from the orderField parameter, where the value is inserted twice in the q...

9.3 CVSS | 6.8 AI score | 0.0224 EPSS
In wild | Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-3519

Malicious code in bioql PyPI...

9.8 CVSS | 6.3 AI score | 0.00717 EPSS
Exploits 0 | References 5
Positive Technologies
added 2025/05/26 12:0 a.m. | 7 views

PT-2025-40901

Name of the Vulnerable Software and Affected Versions XWiki Platform versions 4.3-milestone-1 through 16.10.8 XWiki Platform versions 17.4.0 through 17.4.1 XWiki Platform versions 17.5.0 Description The XWiki Platform, a generic wiki platform, contains a flaw in the REST search URL. The orderFiel...

9.3 CVSS | 6.5 AI score | 0.0224 EPSS
Exploits 0 | References 15
RedhatCVE
added 2025/05/23 7:41 a.m. | 8 views

CVE-2024-55663

XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in getdocument.vm; the ordering of the returned documents is defined from an unsanitized request parameter request.sort and can allow any user to inject HQL. Depending on th...

9.8 CVSS | 6.7 AI score | 0.00717 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 4:11 p.m. | 7 views

CVE-2020-11886

OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm aka the NodeListController via snmpParm or snmpParmValue to addCriteriaForSnmpParm. This affects Horizon before 25.2.1, Meridian 2019 before 2019.1.4, Meridian 2018 before 2018.1.16, and Meridian 2017 before 2017.1.21...

8.1 CVSS | 7.2 AI score | 0.01378 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/02/14 5:46 a.m. | 8 views

CVE-2024-49203

Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction...

6.9 AI score | 0.00391 EPSS
Exploits 0 | References 12
NVD
added 2024/12/12 7:15 p.m. | 26 views

CVE-2024-55663

XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in getdocument.vm; the ordering of the returned documents is defined from an unsanitized request parameter request.sort and can allow any user to inject HQL. Depending on th...

9.8 CVSS | 0.00717 EPSS
Exploits 0 | References 3
CVE
added 2024/12/12 6:53 p.m. | 68 views

CVE-2024-55663

CVE-2024-55663 is an SQL injection in XWiki Platform occurring in getdocument.vm, tied to an unsanitized sort parameter that can enable HQL injection. Affected versions include 6.3-milestone-2 up to 13.10.4/14.3-rc-1, with patches implemented in 13.10.5 and 14.3-rc-1. Depending on the database ba...

9.8 CVSS | 6.3 AI score | 0.00717 EPSS
Exploits 0 | References 3 | Affected Software 1
OSV
added 2024/12/12 6:53 p.m. | 20 views

CVE-2024-55663 XWiki Platform has an SQL injection in getdocuments.vm with sort parameter

XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in getdocument.vm; the ordering of the returned documents is defined from an unsanitized request parameter request.sort and can allow any user to inject HQL. Depending on th...

8.6 CVSS | 6.6 AI score | 0.00717 EPSS
Exploits 0 | References 5
Github Security Blog
added 2024/11/27 7:0 p.m. | 44 views

Querydsl vulnerable to HQL injection through orderBy

Summary The order by method enables injecting HQL queries. This may cause blind HQL injection, which could lead to leakage of sensitive information, and potentially also Denial Of Service. This vulnerability is present since the original querydsl repository https://github.com/querydsl/querydsl whe...

6.7 AI score | 0.00391 EPSS
Exploits 0 | References 9 | Affected Software 4