9 matches found

NVD
added 2025/11/18 11:15 p.m. · 6 views

CVE-2025-54990

XWiki AdminTools integrates administrative tools for managing a running XWiki instance. Prior to version 1.1, users without admin rights have access to AdminTools.SpammedPages. View rights are not restricted only to admin users for AdminTools.SpammedPages. While no data is visible to non admin...

CVSS 5.3 · EPSS 0.00203
Exploits: 0 · References: 1
Cvelist
added 2025/11/18 10:13 p.m. · 10 views

CVE-2025-54990 XWiki AdminTools application doesn't set permissions on the AdminTools space

XWiki AdminTools integrates administrative tools for managing a running XWiki instance. Prior to version 1.1, users without admin rights have access to AdminTools.SpammedPages. View rights are not restricted only to admin users for AdminTools.SpammedPages. While no data is visible to non admin...

CVSS 5.3 · EPSS 0.00203
Exploits: 0 · References: 1
EUVD
added 2025/11/18 5:42 p.m. · 4 views

EUVD-2025-198063

XWiki AdminTools application doesn't set permissions on the AdminTools space...

CVSS 5.3 · AI score 6.4 · EPSS 0.00203
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2023-2925

Malicious code in bioql PyPI...

CVSS 9.6 · AI score 9 · EPSS 0.22938
Exploits: 2 · References: 5
BDU FSTEC
added 2024/02/14 12:0 a.m. · 4 views

The vulnerability of the XWiki Admin Tools administrative tool of the XWiki Platform, a platform for creating collaborative web applications. This vulnerability allows a perpetrator to execute arbitrary commands.

The vulnerability of the XWiki Admin Tools administrative tool, a component of the XWiki Platform for creating collaborative web applications, is related to insufficient verification of the authenticity of executed queries. Exploiting this vulnerability could allow a malicious actor, operating...

CVSS 10 · AI score 8 · EPSS 0.22938
Exploits: 2 · References: 4 · Affected Software: 1
Prion
added 2023/11/20 7:15 p.m. · 16 views

Cross-site request forgery (CSRF)

The XWiki Admin Tools Application provides tools to help the administration of XWiki. Prior to version 4.5.1, a cross-site request forgery vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allow...

CVSS 6.8 · AI score 7.1 · EPSS 0.00365
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2023/11/20 6:2 p.m. · 42 views

CVE-2023-48292 XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks

The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands ...

CVSS 9.6 · AI score 9.3 · EPSS 0.22938
Exploits: 2 · References: 5
Positive Technologies
added 2023/11/20 12:0 a.m. · 5 views

PT-2023-8618 · Xwiki · Xwiki Admin Tools

Name of the Vulnerable Software and Affected Versions: XWiki Admin Tools versions 4.4 through 4.5.0
Description: The issue is related to insufficient authentication of executed requests in the XWiki Admin Tools application. This allows a remote attacker to execute arbitrary commands by tricking a...

CVSS 10 · AI score 9.3 · EPSS 0.22938
Exploits: 2 · References: 9
Positive Technologies
added 2023/11/20 12:0 a.m. · 6 views

PT-2023-8619 · Xwiki · Xwiki Admin Tools Application

Name of the Vulnerable Software and Affected Versions: XWiki Admin Tools Application versions prior to 4.5.1
Description: A cross-site request forgery issue in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. This could be used to dama...

CVSS 10 · AI score 8.6 · EPSS 0.00365
Exploits: 0 · References: 10