CNNVD-202506-1670 Information
CNNVD ID
CNNVD-202506-1670
Related CVE
- CNNVD Published: 2025-06-12
Description (Chinese)
XWiki Platform是XWiki开源的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform存在SQL注入漏洞,该漏洞源于查询验证器未清理DBMS_XMLGEN或DBMS_XMLQUERY等函数,可能导致SQL注入攻击。
Description (English)
XWiki Platform is an open source of XWiki ’ s Wiki platform for creating a Web collaborative application. XWiki Platform has an SQL injection loophole, which arises from the fact that the query certifier did not clean up functions such as DBMS XMLGEN or DBMS XMLQUERY, which could lead to an SQL injection attack.
Hazard Level
Low
Vulnerability Type
SQL注入
Affected Vendor
XWiki
Published
2025-06-12
Last Modified
2026-02-24
References
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-prwh-7838-xf82 https://jira.xwiki.org/browse/XWIKI-22734 https://nvd.nist.gov/vuln/detail/CVE-2024-56158 https://access.redhat.com/security/cve/cve-2024-56158
Patch
https://www.xwiki.org/xwiki/bin/view/Main/WebHome
Share on: