Lucene search

4 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-3519

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.3, EPSS 0.01904
Exploits: 0, References: 5
OSV
added 2024/12/12 7:22 p.m., 14 views

GHSA-WH34-M772-5398 XWiki Platform has an SQL injection in getdocuments.vm with sort parameter

Impact: In getdocument.vm; the ordering of the returned documents is defined from an unsanitized request parameter request.sort and can allow any user to inject HQL. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashe...

CVSS 8.6, AI score 9.2, EPSS 0.20024
Exploits: 2, References: 5
Cvelist
added 2024/12/12 6:53 p.m., 21 views

CVE-2024-55663 XWiki Platform has an SQL injection in getdocuments.vm with sort parameter

XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in getdocument.vm; the ordering of the returned documents is defined from an unsanitized request parameter request.sort and can allow any user to inject HQL. Depending on th...

CVSS 8.6, EPSS 0.01904
Exploits: 0, References: 3
UbuntuCve
added 2023/05/10 12:0 a.m., 21 views

CVE-2023-32210

Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability...

CVSS 6.5, AI score 6.7, EPSS 0.00184
Exploits: 0, References: 3