251 matches found
Yeswiki < 4.5.2 - Unauthenticated Path Traversal
YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. id: CVE-2025-31131 info: name: Yeswiki 4.5.2 - Unauthenticated Path Traversal author: iamnoooob,rootxharsh,pdresearch severity: high...
YesWiki Reflected XSS via File Upload
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been...
YesWiki < 4.5.4 - Cross-Site Scripting
YesWiki 4.5.4 contains a reflected cross-site scripting caused by unsanitized idformulaire parameter in /?BazaR endpoint, letting attackers steal cookies and hijack sessions, exploit requires user to click malicious link. id: CVE-2025-46550 info: name: YesWiki 4.5.4 - Cross-Site Scripting author:...
CVE-2026-52762
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:30+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-65p8-9433-jpcp...
CVE-2026-52763
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:28+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-89v6-j5x6-cmj3...
CVE-2026-52767
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:23+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-mv28-wj57-f57g...
CVE-2026-52769
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:21+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-vw42-752g-5mrp...
CVE-2026-52770
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:19+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-qg78-vmvc-fhjw...
CVE-2026-52771
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:16+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-8f2v-2qhj-gfwg...
CVE-2026-52772
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:14+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-xc7j-3g8q-9vh4...
CVE-2026-52773
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:12+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-35f3-pg38-486f...
CVE-2026-52774
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:10+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-r5xw-gcgw-hwp5 2026-07-13 06:00:05+00:00| confirmed|...
CVE-2026-52775
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:07+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-4pf7-cc4r-g63h...
EUVD-2026-35181
YesWiki has Unsafe eval in its Formula Calculato, Leading to Remote Code Execution & Denial of Service...
PT-2026-57027
Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.6 Description An issue exists in the erasespamedcomments wiki action, located in actions/EraseSpamedCommentsAction.php, which allows unauthenticated users to permanently delete arbitrary wiki pages. The action...
YesWiki < 4.6.4 - Unauthenticated SQL Injection
YesWiki before version 4.6.4 contains an unauthenticated SQL injection vulnerability in the Bazar form-import path. The bnidnature parameter in FormManager::create is concatenated into an INSERT statement without sanitization, allowing unauthenticated attackers to inject arbitrary SQL and read th...
CVE-2026-52778
YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator CalcField.php of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression before passin...
CVE-2026-52778
YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator CalcField.php of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression before passin...
CVE-2026-52778 YesWiki has Unsafe eval() in Formula Calculator - Remote Code Execution (RCE) & Denial of Service (DoS)
YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator CalcField.php of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression before passin...
CVE-2026-52778
YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator CalcField.php of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression before passin...