Security Advisory

CVE-2024-56158

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-06-12 14:56:56
Last updated 2026-01-12 14:43:46
Assigner GitHub_M
State PUBLISHED

Description

XWiki is a generic wiki platform. Its possible to execute any SQL query in Oracle by using the function like DBMS_XMLGEN or DBMS_XMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. This vulnerability is fixed in 16.10.2, 16.4.7, and 15.10.16.