10 matches found
CVE-2026-41143 YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave()
YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data['id_fiche'] value sourced from $_POST['id_fiche'] is concatenated directly into a raw SQL query without any...
CVE-2026-41143 YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave()
YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data['id_fiche'] value sourced from $_POST['id_fiche'] is concatenated directly into a raw SQL query without any...
CVE-2026-41143
YesWiki contains an authenticated SQL injection in the bazar module, via id_fiche in EntryManager::formatDataBeforeSave() (code path: tools/bazar/services/EntryManager.php:704). The vulnerable query concatenates $_POST['id_fiche'] into SQL without sanitization, e.g. selecting MIN(time) from pages...
CVE-2026-41143
YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data['id_fiche'] value sourced from $_POST['id_fiche'] is concatenated directly into a raw SQL query without any...
YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave()
Vulnerability Details: YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data['id_fiche'] value sourced from $_POST['id_fiche'] is concatenated directly into a raw SQL query without any sanitization or parameterization. Vulnerable Code...
PT-2026-37109
Name of the Vulnerable Software and Affected Versions: YesWiki versions prior to 4.6.1. Description: The bazar module contains a SQL injection flaw in the tools/bazar/services/EntryManager.php file. The issue occurs because the id_fiche value, sourced from the $_POST['id_fiche'] variable, is...
Malicious code in wm-prelib-plugin-entry-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 091ed6d792340628b88fdfb7fb19f79b1105b51723e381e75d1e74231da7db50 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag...
CVE-2006-2495
CVE-2006-2495 describes a CSRF vulnerability in the Serendipity project’s Entry Manager prior to version 1.0-beta3. The issue allows remote attackers to perform unauthorized actions on behalf of a logged-in user by enticing them to click a link or view an image tag. The underlying risk is cross-...
CVE-2006-2495
Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag...