Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rating Script Service expose XWiki to SQL injection
Vulnerability Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service expose an API to perform SQL requests without escaping the from and where search arguments. This might lead to an SQL script injection quite easily for any user having Script rights on XWiki. The problem has been patched in XWiki 12.9RC1. The only workaround besides upgrading XWiki would be to uninstall the Ratings API in XWiki from the Extension Manager.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Thomas Mortagne xwiki-platform SQL注入漏洞
Vulnerability Description
Thomas Mortagne xwiki-platform是Thomas Mortagne开源的一个应用程序。一个通用的Wiki平台,为基于其构建的应用程序提供运行时服务。 XWiki Platform 存在SQL注入漏洞,该漏洞源于评级脚本服务公开一个API来执行SQL请求,而不需要转义搜索参数。
CVSS Information
N/A
Vulnerability Type
N/A