CVE-2024-55663
Published 2024-12-12
Severity: critical, CVSS 3.1 base score 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.72% (49.2nd percentile)
XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in `getdocuments.vm` the ordering of the returned documents is taken from an unsanitized request parameter (`request.sort`) and concatenated into the HQL query, which allows any user to inject HQL. Depending on the database backend in use, the attacker may be able not only to obtain confidential information such as password hashes from the database, but also to execute UPDATE/INSERT/DELETE queries. This has been patched in 13.10.5 and 14.3-rc-1. There is no known workaround other than upgrading XWiki.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xwiki | xwiki | — | — |
| xwiki | xwiki | >= 14.0 < 14.3 | 14.3 |
| xwiki | xwiki | >= 6.4 < 13.10.5 | 13.10.5 |
| xwiki | xwiki-platform | — | — |
| xwiki | xwiki-platform | — | — |
CVSS provenance
NVD v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
NVD v4.0: 8.6 HIGH (CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
Note that the two NVD vectors disagree on required privileges (PR:N in v3.1, PR:H in v4.0), while the advisory text says "any user" can inject; when triaging, check which accounts can reach `getdocuments.vm` on your instance rather than relying on either score alone.
OSV · 2024-12-12
CVE-2024-55663 [HIGH]: XWiki Platform has an SQL injection in getdocuments.vm with sort parameter
### Impact
In `getdocuments.vm`, the ordering of the returned documents is taken from an unsanitized request parameter (`request.sort`) and concatenated into the HQL query, which allows any user to inject HQL.
Depending on the database backend in use, the attacker may be able not only to obtain confidential information such as password hashes from the database, but also to execute UPDATE/INSERT/DELETE queries.
Backend-dependent techniques for breaking out of the HQL query context into raw SQL are described, for example, at https://www.sonarsource.com/blog/exploiting-hibernate-injections.
### Patches
This has been patched in 13.10.5 and 14.3-rc-1.
### Workarounds
There is no known workaround, other than upgrading XWiki.
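The Impact section above describes the mechanism: a request parameter becomes the ORDER BY clause of a query, where bind parameters cannot be used and string building is the usual temptation. The following is an added example, not XWiki's code, that shows the same pattern in plain SQL over an in-memory SQLite table: first the vulnerable concatenation together with a blind-extraction oracle built from an injected CASE expression (the kind of data leak the advisory warns about), then a hardened form that validates the parameter against an allow-list of sort columns. The table, its made-up `secret` column, the sample rows and every function name are constructed for illustration; XWiki's real query is HQL and the break-out routes are backend dependent, as the linked Sonar post explains, so SQLite here only stands in for the database.

```python
import re
import sqlite3

# Constructed sample data standing in for a wiki's document table. The column
# names, the "secret" column and all values are illustration only.
SAMPLE_ROWS = [
    ("Main.WebHome", "zoe", "e5f6"),
    ("Sandbox.Test", "bob", "c3d4"),
    ("XWiki.Admin", "alice", "a1b2"),
]


def make_db():
    """In-memory SQLite stand-in for the wiki database (not XWiki's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE doc (fullname TEXT, author TEXT, secret TEXT)")
    conn.executemany("INSERT INTO doc VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def list_docs_vulnerable(conn, sort):
    """The bug pattern: the caller-supplied sort value is concatenated into
    ORDER BY verbatim, so it is evaluated as an expression, not a column name."""
    sql = "SELECT fullname FROM doc ORDER BY " + sort
    return [row[0] for row in conn.execute(sql)]


def guess_secret_first_char(conn, author, alphabet="0123456789abcdef"):
    """Blind extraction through the injectable ORDER BY: a CASE expression sorts
    by one column when a guess about the secret is right and by another when it
    is wrong, so the returned row order acts as a yes/no oracle. Extending this
    to the whole secret is a loop over offsets using SUBSTR instead of LIKE."""
    expected = list_docs_vulnerable(conn, "fullname")  # order when the guess is right
    for ch in alphabet:
        payload = (
            f"CASE WHEN (SELECT secret FROM doc WHERE author = '{author}') "
            f"LIKE '{ch}%' THEN fullname ELSE author END"
        )
        if list_docs_vulnerable(conn, payload) == expected:
            return ch
    return None


# Hardened form: the request value is never treated as an expression. It must
# match a strict grammar and name a column from an explicit allow-list; only the
# server's own canonical strings reach the query text.
SORT_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)(?:\s+(asc|desc))?$", re.IGNORECASE)
ALLOWED_SORT_COLUMNS = {"fullname", "author"}


def parse_sort(sort):
    """Return (column, direction) for an acceptable value, else raise ValueError."""
    match = SORT_RE.match(sort.strip())
    if match is None:
        raise ValueError(f"malformed sort parameter: {sort!r}")
    column = match.group(1).lower()
    direction = (match.group(2) or "asc").lower()
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unknown sort column: {column!r}")
    return column, direction


def sort_is_rejected(sort):
    """True when the hardened parser refuses the value."""
    try:
        parse_sort(sort)
    except ValueError:
        return True
    return False


def list_docs_hardened(conn, sort):
    column, direction = parse_sort(sort)
    # Only allow-listed identifiers and the literal words asc/desc are interpolated.
    sql = f"SELECT fullname FROM doc ORDER BY {column} {direction}"
    return [row[0] for row in conn.execute(sql)]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, honest sort:", list_docs_vulnerable(db, "author"))
    print("vulnerable, first char of alice's secret:", guess_secret_first_char(db, "alice"))
    print("hardened, honest sort:", list_docs_hardened(db, "author desc"))
    injected = "CASE WHEN 1=1 THEN fullname ELSE author END"
    print("hardened rejects injected expression:", sort_is_rejected(injected))
```

The allow-list is the important part of the fix: escaping or quoting cannot help in ORDER BY position because the value is an identifier or expression rather than a string literal, so the only safe option is to map the untrusted value onto a closed set of server-defined sort keys and reject everything else.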
GHSA · 2024-12-12
CVE-2024-55663 [HIGH] CWE-116: the GitHub Security Advisory carries the same title and the same Impact, Patches and Workarounds text as the OSV entry above, and additionally classifies the issue as CWE-116.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.