Description

XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading.

Remediation

References

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vpx4-7rfp-h545

https://jira.xwiki.org/browse/XWIKI-19523

Related Vulnerabilities

CVE-2022-36909 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer

CVE-2019-5414 Vulnerability in npm package kill-port

CVE-2021-23371 Vulnerability in npm package chrono-node

CVE-2014-3004 Vulnerability in maven package org.codehaus.castor:castor-xml

CVE-2023-25141 Vulnerability in maven package org.apache.sling:org.apache.sling.jcr.base

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Exploit Vendor Advisory Issue Tracking Patch NVD-CWE-noinfo