CVE-2024-56158 | xwiki-platform up to 15.10.15/16.4.6/16.10.1 DBMS_XMLGEN/DBMS_XMLQUERY sql injection

Inserito da Angelo Barbosa | Giu 12, 2025 | CVE

A vulnerability, which was classified as critical, has been found in xwiki-platform up to 15.10.15/16.4.6/16.10.1. Affected by this issue is the function DBMS_XMLGEN/DBMS_XMLQUERY. The manipulation leads to sql injection.

This vulnerability is handled as CVE-2024-56158. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-56158 | xwiki-platform up to 15.10.15/16.4.6/16.10.1 DBMS_XMLGEN/DBMS_XMLQUERY sql injection

Post correlati

CVE-2024-45053 | ethyca fides up to 2.43.x Jinja Template special elements used in a template engine (GHSA-c34r-238x-f7qx)

CVE-2024-36412 | SalesAgility SuiteCRM up to 7.14.3/8.6.0 Events Response Entry Point sql injection

CVE-2024-29804 | Team Heateor Fancy Comments Plugin up to 1.2.14 on WordPress cross site scripting

CVE-2023-29881 | PHPOK 6.4.003 call_control.php index_f sql injection (Issue 15)