CVE-2024-56158: XWiki allows SQL injection in query endpoint of REST API with Oracle

N/A

CVSS Score

Basic Information

EPSS Score
0.20491%
Published
6/12/2025
Updated
6/12/2025
KEV Status
No
Technology
Java

Technical Details

CVSS Vector
-
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| org.xwiki.platform:xwiki-platform-oldcore | maven | >= 1.0, < 15.10.16 | 15.10.16 |
| org.xwiki.platform:xwiki-platform-oldcore | maven | >= 16.0.0-rc-1, < 16.4.7 | 16.4.7 |
| org.xwiki.platform:xwiki-platform-oldcore | maven | >= 16.5.0-rc-1, < 16.10.2 | 16.10.2 |

Vulnerability Intelligence

Root Cause Analysis:
In progress

WAF Protection Rules

WAF Rule

### Impact

It's possible to execute any SQL query in Oracle by using the function like [DBMS_XMLGEN or DBMS_XMLQUERY](https://docs.oracle.com/en/database/oracle/oracle-database/**/arpls/DBMS_XMLGEN.html). The XWiki query validator does not sanitize

Reasoning

No analysis available