CVE-2024-56158 Information
Jun 13, 2025
cve
Description
XWiki is a generic wiki platform. It’s possible to execute any SQL query in Oracle by using the function like DBMS_XMLGEN or DBMS_XMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. This vulnerability is fixed in 16.10.2 16.4.7 and 15.10.16.
Reference
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-prwh-7838-xf82 https://jira.xwiki.org/browse/XWIKI-22734
Related CNNVD
CNNVD-202506-1670 (Published: 2025-06-12)
Share on: