GHSA-WH34-M772-5398 XWiki Platform has an SQL injection in getdocuments.vm with sort parameter
Impact In getdocument.vm ; the ordering of the returned documents is defined from an unsanitized request parameter request.sort and can allow any user to inject HQL. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashe...