GHSA-4PF7-CC4R-G63H YesWiki has Authenticated SQL Injection via ReactionManager
Summary YesWiki through the latest development branch contains a SQL injection vulnerability in ReactionManager::deleteUserReaction that allows any authenticated user to inject arbitrary SQL via the idreaction and id URL path parameters. The parameters are concatenated directly into a SQL LIKE...