CVE-2024-55663: XWiki Platform has an SQL injection in getdocuments.vm with sort parameter
First published: Thu Dec 12 2024(Updated: )
### Impact In `getdocument.vm` ; the ordering of the returned documents is defined from an unsanitized request parameter (request.sort) and can allow any user to inject HQL. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. It's possible to employ database backend dependent techniques of breaking out of HQL query context, described, for example, here: https://www.sonarsource.com/blog/exploiting-hibernate-injections. ### Patches This has been patched in 13.10.5 and 14.3-rc-1. ### Workarounds There is no known workaround, other than upgrading XWiki. ### References https://jira.xwiki.org/browse/XWIKI-17568 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Jira XWiki.org](https://jira.xwiki.org/) * Email us at [Security Mailing List](mailto:security@xwiki.org)
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.xwiki.platform:xwiki-platform-distribution-war | >=6.3-milestone-2<13.10.5 | 13.10.5 |
| maven/org.xwiki.platform:xwiki-platform-distribution-war | >=14.0-rc-1<14.3-rc-1 | 14.3-rc-1 |
| Xwiki Xwiki | >=6.4<13.10.5 | |
| Xwiki Xwiki | >=14.0<14.3 | |
| Xwiki Xwiki | =6.3 | |
| Xwiki Xwiki | =6.3-milestone2 | |
| Xwiki Xwiki | =6.3-rc1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wh34-m772-5398
- https://github.com/xwiki/xwiki-platform/commit/673076e2e8b88a36cdeaf7007843aa9ca1a068a0
- https://jira.xwiki.org/browse/XWIKI-17568
- https://nvd.nist.gov/vuln/detail/CVE-2024-55663
- https://github.com/advisories/GHSA-wh34-m772-5398 (Advisory)
- agent/weakness
- agent/title
- agent/first-publish-date
- agent/type
- agent/event
- agent/references
- agent/author
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-wh34-m772-5398
- alias/CVE-2024-55663
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- collector/nvd-cve
- source/NVD
- agent/description
- agent/trending
- collector/github-advisory
- collector/nvd-api
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/tags
- agent/softwarecombine
- package-manager/maven
- vendor/xwiki
- canonical/xwiki xwiki
- version/xwiki xwiki/6.4
- version/xwiki xwiki/14.0
- version/xwiki xwiki/6.3
- version/xwiki xwiki/6.3-milestone2
- version/xwiki xwiki/6.3-rc1