What is the severity of CVE-2021-21380?

CVE-2021-21380 is rated as a critical vulnerability due to its potential to expose SQL requests without proper escaping.

How do I fix CVE-2021-21380?

To remediate CVE-2021-21380, upgrade your XWiki Platform to a version greater than 12.8 or apply available patches.

Which versions of XWiki are affected by CVE-2021-21380?

CVE-2021-21380 affects XWiki Platform versions from 6.4.1 to 12.8, including other specific milestones and release candidates of 6.4.

What are the potential impacts of CVE-2021-21380?

Exploitation of CVE-2021-21380 can lead to unauthorized access and manipulation of the database through unescaped SQL queries.

Does CVE-2021-21380 affect all XWiki installations?

No, CVE-2021-21380 specifically affects installations that have the Ratings API enabled.

Vulnerability/
CVE-2021-21380

high

8.8

CWE

23/3/2021

3/8/2024

CVE-2021-21380: Rating Script Service expose XWiki to SQL injection

First published: Tue Mar 23 2021(Updated: )

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service expose an API to perform SQL requests without escaping the from and where search arguments. This might lead to an SQL script injection quite easily for any user having Script rights on XWiki. The problem has been patched in XWiki 12.9RC1. The only workaround besides upgrading XWiki would be to uninstall the Ratings API in XWiki from the Extension Manager.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Xwiki	>=6.4.1<=12.8
Xwiki	=6.4
Xwiki	=6.4-milestone3
Xwiki	=6.4-rc1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-21380?
CVE-2021-21380 is rated as a critical vulnerability due to its potential to expose SQL requests without proper escaping.
How do I fix CVE-2021-21380?
To remediate CVE-2021-21380, upgrade your XWiki Platform to a version greater than 12.8 or apply available patches.
Which versions of XWiki are affected by CVE-2021-21380?
CVE-2021-21380 affects XWiki Platform versions from 6.4.1 to 12.8, including other specific milestones and release candidates of 6.4.
What are the potential impacts of CVE-2021-21380?
Exploitation of CVE-2021-21380 can lead to unauthorized access and manipulation of the database through unescaped SQL queries.
Does CVE-2021-21380 affect all XWiki installations?
No, CVE-2021-21380 specifically affects installations that have the Ratings API enabled.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/severity
agent/author
agent/title
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/xwiki
canonical/xwiki
version/xwiki/6.4.1
version/xwiki/12.8
version/xwiki/6.4
version/xwiki/6.4-milestone3
version/xwiki/6.4-rc1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.