Security Advisory

CVE-2025-32429

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-07-24 22:22:35

Last updated 2025-07-25 13:32:47

Assigner GitHub_M

State PUBLISHED

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, its possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. Its injected as is as an ORDER BY value. This is fixed in versions 16.10.6 and 17.3.0-rc-1.

← Browse all CVEs View on cve.org ↗