Platform
java
Component
org.xwiki.platform:xwiki-platform-oldcore
Fixed in
1.0.1
16.0.1
16.5.1
15.10.16
CVE-2024-56158 describes a critical SQL Injection vulnerability discovered in XWiki Platform. This flaw allows attackers to execute arbitrary SQL queries, potentially leading to unauthorized data access and manipulation. The vulnerability impacts versions prior to 15.10.16, 16.4.7, and 16.10.2. Patches are available to address this issue.
The SQL Injection vulnerability in XWiki Platform allows an attacker to leverage functions like DBMSXMLGEN or DBMSXMLQUERY within HQL queries. Because the XWiki query validator fails to sanitize these functions, Hibernate permits their use in native SQL queries. Successful exploitation enables an attacker to bypass security controls and directly interact with the underlying database. This can lead to the extraction of sensitive data, modification of critical system configurations, or even complete system takeover. The potential impact is significant, particularly in environments where XWiki is used to manage sensitive information or integrate with other critical systems.
While no active exploitation campaigns have been publicly reported, the severity of the vulnerability (CVSS 9.5) and the ease of exploitation (due to the use of standard SQL functions) suggest a high likelihood of exploitation. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept code is not yet available, but the vulnerability description provides sufficient detail for attackers to develop their own exploits. The vulnerability was disclosed on June 12, 2025.
Organizations using XWiki Platform to manage sensitive data, particularly those running versions prior to 15.10.16, 16.4.7, or 16.10.2, are at significant risk. This includes deployments where XWiki is integrated with other critical systems or used in environments with strict data security requirements. Shared hosting environments where multiple users share the same XWiki instance are also particularly vulnerable.
• java: Monitor XWiki application logs for unusual SQL query patterns, particularly those involving DBMSXMLGEN or DBMSXMLQUERY. Use Java profiling tools to identify any unexpected database interactions.
• generic web: Examine access logs for requests targeting vulnerable endpoints. Look for POST requests containing suspicious SQL syntax.
• database (oracle): Use Oracle audit trails to monitor for unauthorized database access and execution of suspicious SQL queries. Specifically, look for queries using DBMSXMLGEN or DBMSXMLQUERY from unexpected sources.
SELECT username, os_username, module FROM dba_audit_trail WHERE action_name = 'EXECUTE' AND os_username = '<user_to_monitor>';
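As an added example (not code from the page or from the XWiki project), the following Python scanner implements the log check from the java bullet above over a few constructed log lines. The line layout, logger name and user= field are assumptions rather than XWiki's actual log format; the pattern matches the function names as written on this page and also Oracle's DBMS_XMLGEN / DBMS_XMLQUERY package spelling, case-insensitively.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample log lines (the layout and logger name are assumed,
# not XWiki's real format). Only the third query carries one of the
# function names the advisory tells defenders to watch for.
SAMPLE_LOG = """\
2025-06-12 10:01:02,345 [http-1] DEBUG querylog - user=XWiki.Alice query=select doc.fullName from XWikiDocument doc where doc.space = :space
2025-06-12 10:01:03,001 [http-2] DEBUG querylog - user=XWiki.Bob query=select count(doc.name) from XWikiDocument doc
2025-06-12 10:01:05,777 [http-3] DEBUG querylog - user=XWiki.Guest query=select doc.name from XWikiDocument doc where dbmsxmlgen('...') is not null
2025-06-12 10:01:06,120 [http-4] INFO  startup - ready
"""

# Extracts the acting user and the raw query text from a log line.
LINE_RE = re.compile(r"user=(?P<user>\S+) query=(?P<query>.*)$")
# DBMSXMLGEN / DBMSXMLQUERY as named on the page, with an optional
# underscore so Oracle's DBMS_XMLGEN / DBMS_XMLQUERY spelling also matches.
SUSPECT_RE = re.compile(r"\bDBMS_?XML(?:GEN|QUERY)\b", re.IGNORECASE)


@dataclass
class Finding:
    timestamp: str  # first 23 characters of the line (date, time, millis)
    user: str
    function: str   # matched function name, normalised to upper case
    query: str


def scan_log(text: str) -> List[Finding]:
    """Return one Finding per logged query that references a watched function."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a query log line
        hit = SUSPECT_RE.search(m.group("query"))
        if hit:
            findings.append(
                Finding(line[:23], m.group("user"), hit.group(0).upper(), m.group("query"))
            )
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.timestamp} ALERT user={f.user} function={f.function}: {f.query}")
```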
Exploit status
EPSS
0.71% (72nd percentile)
CISA SSVC
The primary mitigation for CVE-2024-56158 is to upgrade XWiki Platform to a patched version: 15.10.16, 16.4.7, or 16.10.2. Unfortunately, there are no known workarounds beyond upgrading. Prior to upgrading, it is crucial to review the XWiki release notes for any potential breaking changes and plan a rollback strategy if necessary. After upgrading, verify the fix by attempting to execute a SQL query through the vulnerable endpoint and confirming that it is properly sanitized and rejected.
Upgrade XWiki to version 16.10.2, 16.4.7 or 15.10.16, or to a later version. These versions contain a fix for the SQL injection vulnerability. Upgrading prevents the execution of unauthorized SQL queries against the Oracle database.
CVE-2024-56158 is a critical SQL Injection vulnerability in XWiki Platform allowing attackers to execute arbitrary SQL queries, potentially leading to data breaches and system compromise.
You are affected if you are running XWiki Platform versions prior to 15.10.16, 16.4.7, or 16.10.2. Upgrade immediately to mitigate the risk.
Upgrade XWiki Platform to version 15.10.16, 16.4.7, or 16.10.2. There are no known workarounds besides upgrading.
While no active exploitation campaigns have been publicly reported, the vulnerability's severity and ease of exploitation suggest a high likelihood of future exploitation.
Refer to the official XWiki advisory on their Jira instance: https://jira.xwiki.org/browse/XWIKI-22734