CNNVD-202601-1748 Information
CNNVD ID
CNNVD-202601-1748
Related CVE
- CNNVD Published: 2026-01-10
Description (Chinese)
XWiki Full Calendar Macro是XWiki开源的一个日志表扩展组件。 XWiki Full Calendar Macro 2.4.5之前版本存在SQL注入漏洞,该漏洞源于具有查看Calendar.JSONService页面权限的用户可能利用SQL注入漏洞访问数据库信息或发起拒绝服务攻击。
Description (English)
XWiki Full Calendar Macro is a log table extension for XWiki open source. The previous version of XWiki Full Calendar Macro 2.4.5 had an injection loophole in SQL, which arose out of the possibility that users with access to the Calendar.JSONService page might use SQL to plug in to access database information or launch a service denial attack.
Hazard Level
Low
Vulnerability Type
SQL注入
Affected Vendor
XWiki
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/xwiki-contrib/macro-fullcalendar/commit/5fdcf06a05015786492fda69b4d9dea5460cc994 https://github.com/xwiki-contrib/macro-fullcalendar/security/advisories/GHSA-2g22-wg49-fgv5
Patch
https://github.com/xwiki-contrib/macro-fullcalendar/tags
Share on: