3 matches found
CVE-2024-56158
XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using a function like DBMS_XMLGEN or DBMS_XMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. Thi...
CVE-2024-56158 XWiki allows SQL injection in query endpoint of REST API with Oracle
XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using a function like DBMS_XMLGEN or DBMS_XMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. Thi...
XWiki Platform Injection Vulnerability
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. An SQL injection vulnerability exists in XWiki Platform that stems from the query validator not cleaning up functions such as DBMS_XMLGEN or DBMS_XMLQUERY, which could lead to an SQL injection...