6 matches found
EUVD-2024-54677
Malicious code in bioql PyPI...
XWiki 1.0 < 15.10.16, 16.0.0-rc-1 < 16.4.7, 16.5.0-rc-1 < 16.10.2 SQLi Vulnerability (GHSA-prwh-7838-xf82)
Xwiki is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; ifdescriptio...
CVE-2024-56158
XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using the function like DBMSXMLGEN or DBMSXMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. Thi...
GHSA-PRWH-7838-XF82 XWiki allows SQL injection in query endpoint of REST API with Oracle
Impact It's possible to execute any SQL query in Oracle by using the function like DBMSXMLGEN or DBMSXMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. Patches This has been patched ...
CVE-2024-56158 XWiki allows SQL injection in query endpoint of REST API with Oracle
XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using the function like DBMSXMLGEN or DBMSXMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. Thi...
CVE-2024-56158
CVE-2024-56158 affects XWiki; SQL injection arises via Oracle DBMS_XMLGEN/DBMS_XMLQUERY usage where the query validator does not sanitize functions in a simple select and Hibernate allows native functions in HQL. Affected versions are XWiki prior to 16.10.2, 16.4.7, and 15.10.16; remediation is t...