CVE-2025-32429 XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an...

CVE-2025-32429

XWiki Platform contains an SQL injection in the getdeleteddocuments.vm template via the sort parameter (LiveData REST), affecting versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2. The vulnerability allows injection of SQL by injecting the ORDER BY value, with impact described as d...

CVE-2025-32429 XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an...

GHSA-VR59-GM53-V7CQ XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter

Impact It's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an ORDER BY value. One can see the result of the injection with...

XWiki Platform vulnerable to SQL injection through getdeleteddocuments.vm template sort parameter

Impact It's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an ORDER BY value. One can see the result of the injection with...