CVE-2025-52472 PoC — XWiki Platform SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-52472.yaml

Associated Vulnerability

Title:XWiki Platform SQL注入漏洞 (CVE-2025-52472)
Description:XWiki Platform是XWiki开源的一套用于创建Web协作应用程序的Wiki平台。 XWiki Platform 4.3-milestone-1版本至16.10.9版本、17.4.2版本和17.5.0版本之前版本存在SQL注入漏洞，该漏洞源于orderField参数存在HQL注入，可能导致SQL注入攻击。

Description

XWiki is vulnerable to Hibernate Query Language (HQL) injection in the wiki and space search REST API starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0. The vulnerability allows attackers to inject malicious HQL queries through the orderField parameter, potentially leading to data extraction, authentication bypass, or remote code execution depending on database backend and configuration.

File Snapshot


 id: CVE-2025-52472

info:
  name: XWiki - HQL Injection
  author: ritikchaddha
  severity: high
  de

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!