CNNVD-202510-805 Information
CNNVD ID
CNNVD-202510-805
Related CVE
-
CNNVD Published: 2025-10-06
Description (Chinese)
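XWiki Platform is an open-source wiki platform from XWiki for building collaborative web applications. XWiki Platform versions from 4.3-milestone-1 up to the versions before 16.10.9, 17.4.2 and 17.5.0 contain an SQL injection vulnerability, which stems from HQL injection in the orderField parameter and may lead to SQL injection attacks.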
Description (English)
XWiki Platform is XWiki's open-source wiki platform for creating collaborative web applications. XWiki Platform versions from 4.3-milestone-1 up to, but not including, 16.10.9, 17.4.2 and 17.5.0 have an SQL injection vulnerability, which stems from HQL injection through the orderField parameter and could lead to an SQL injection attack.
Hazard Level
High
Vulnerability Type
SQL injection
Affected Vendor
XWiki
Published
2025-10-06
Last Modified
2026-02-24
References
https://github.com/xwiki/xwiki-platform/commit/743ebf8696ffa55161ed2c5ecf26b09f69e6bcf1
https://github.com/xwiki/xwiki-platform/commit/a45eca2af772abb7324e56d7fd2df1ac937bc445
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gprp-h92g-gc2h
https://jira.xwiki.org/browse/XWIKI-23247
Patch
https://www.xwiki.org/xwiki/bin/view/Main/WebHome