XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using the function like DBMS_XMLGEN or DBMS_XMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. This vulnerability is fixed in 16.10.2, 16.4.7, and 15.10.16.
CVSS
No CVSS.
References
Configurations
No configuration.
History
12 Jun 2025, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-06-12 15:15
Updated : 2025-06-12 16:06
NVD link : CVE-2024-56158
Mitre link : CVE-2024-56158
CVE.ORG link : CVE-2024-56158
JSON object : View
Products Affected
No product.
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')