XPath injection is a type of vulnerability that allows attackers to execute arbitrary queries on XML databases. XPath injection vulnerabilities are similar to SQL injection vulnerabilities, but they affect XML databases instead of SQL databases. XPath injection is often more dangerous than SQL injection, because permissions are not enforced and the malicious queries can access every part of the XML documents.
XPath injection applies to any application that uses XPath to query XML documents.
XPath injection attacks may allow an attacker to retrieve, manipulate, or destroy data stored in XML documents. The exact impact depends on the type of XML data that is exposed via XPath injection. If authentication data is exposed, the attacker is able to take over any user account. By taking over the administrator's account, the attacker is able to take full control of the application.
To prevent this vulnerability, validate all input and use parameterized APIs if possible.
To check for adequate protection against this vulnerability, find all code that uses XPath queries and make sure it does not include unvalidated user input.