Description
XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using the function like DBMS_XMLGEN or DBMS_XMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. This vulnerability is fixed in 16.10.2, 16.4.7, and 15.10.16.
Remediation
References
Related Vulnerabilities
Craft CMS CVE-2017-8383 Vulnerability (CVE-2017-8383)
WordPress Plugin Defa Online Image Protector Cross-Site Scripting (3.3)
WordPress Plugin Easing Slider Multiple Cross-Site Scripting Vulnerabilities (2.2.0.6)
Oracle Application Server Other Vulnerability (CVE-2006-5362)
WordPress Plugin Import any XML or CSV File to WordPress Arbitrary File Upload (3.2.3)