Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
XWiki allows SQL injection in query endpoint of REST API with Oracle
Vulnerability Description
XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using the function like DBMS_XMLGEN or DBMS_XMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. This vulnerability is fixed in 16.10.2, 16.4.7, and 15.10.16.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
XWiki Platform 注入漏洞
Vulnerability Description
XWiki Platform是XWiki开源的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform存在SQL注入漏洞,该漏洞源于查询验证器未清理DBMS_XMLGEN或DBMS_XMLQUERY等函数,可能导致SQL注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A