GHSA-P9QM-P942-Q3W5 XWiki Platform vulnerable to SQL injection through XWiki#searchDocuments API
Impact It's possible to execute any SQL query in Oracle by using the function like DBMSXMLGEN or DBMSXMLQUERY. The XWikisearchDocuments APIs are not sanitizing the query at all and even if they force a specific select, Hibernate allows using any native function in an HQL query for example in the...