7 matches found
VulnCheck KEV: CVE-2025-32429
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an...
📄 XWiki 14 SQL Injection
XWiki version 14 suffers from a remote blind SQL injection vulnerability in getdeleteddocuments.vm. Exploit Title: XWiki 14 - SQL Injection via getdeleteddocuments.vm Google Dork: N/A Date: 28 July 2025 Exploit Author: Byte Reaper LinkedIn: N/A Vendor Homepage: https://www.xwiki.org Software Link...
Exploit for CVE-2025-32429
CVE-2025-32429 Vulnerability Checker A Python-based vulnerabi...
Exploit for CVE-2025-32429
CVE-2025-32429 – SQL Injection in PHP PDO Prepared Statements...
Exploit for CVE-2025-32429
CVE-2025-32429 XWiki SQL Injection PoC Author: Byte Reape...
CVE-2025-32429
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an...
CVE-2025-32429
XWiki Platform contains an SQL injection in the getdeleteddocuments.vm template via the sort parameter (LiveData REST), affecting versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2. The vulnerability allows injection of SQL by injecting the ORDER BY value, with impact described as d...