CNNVD-202507-3123 Information
CNNVD ID
CNNVD-202507-3123
Related CVE
- CNNVD Published: 2025-07-24
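Description (translated from Chinese)
XWiki Platform is an open-source wiki platform from XWiki for creating collaborative web applications. XWiki Platform versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2 contain a SQL injection vulnerability, which stems from improper handling of the sort parameter in getdeleteddocuments.vm.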
Description (English)
XWiki Platform is XWiki's open-source wiki platform for creating collaborative web applications. Versions 9.4-rc-1 to 16.10.5 and 17.0.0-rc-1 to 17.2.2 of XWiki Platform contain a SQL injection vulnerability, which stems from incorrect handling of the sort parameter in getdeleteddocuments.vm, resulting in SQL injection.
Hazard Level
Low
Vulnerability Type
SQL Injection
Affected Vendor
XWiki
Published
2025-07-24
Last Modified
2026-02-24
References
https://jira.xwiki.org/browse/XWIKI-23093
https://github.com/xwiki/xwiki-platform/commit/dfd0744e9c18d24ac66a0d261dc6cafd1c209101
https://github.com/xwiki/xwiki-platform/commit/f502b5d5fd36284a50890ad26d168b7d8dc80bd3
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vr59-gm53-v7cq
https://www.exploit-db.com/exploits/52384
Patch
https://www.xwiki.org/xwiki/bin/view/Download/