18 matches found
EUVD-2026-28312
YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data['id_fiche'] value sourced from $_POST['id_fiche'] is concatenated directly into a raw SQL query without any...
CVE-2026-41143
YesWiki contains an authenticated SQL injection in the bazar module, via id_fiche in EntryManager::formatDataBeforeSave() (code path: tools/bazar/services/EntryManager.php:704). The vulnerable query concatenates $_POST['id_fiche'] into SQL without sanitization, e.g. selecting MIN(time) from pages...
CVE-2026-41143
YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data['id_fiche'] value sourced from $_POST['id_fiche'] is concatenated directly into a raw SQL query without any...
YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave()
Vulnerability Details: YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data['id_fiche'] value sourced from $_POST['id_fiche'] is concatenated directly into a raw SQL query without any sanitization or parameterization. Vulnerable Code...
PT-2026-37109
Name of the Vulnerable Software and Affected Versions: YesWiki versions prior to 4.6.1 Description: The bazar module contains a SQL injection flaw in the tools/bazar/services/EntryManager.php file. The issue occurs because the id_fiche value, sourced from the $_POST['id_fiche'] variable, is...
MAL-2025-35333 Malicious code in test-mlw2-fiche-lytta (npm)
The package test-mlw2-fiche-lytta was found to contain malicious code...
Malicious code in test-mlw2-fiche-lytta (npm)
The package test-mlw2-fiche-lytta was found to contain malicious code...
PT-2019-6873 · Dolibarr · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 3.3.1 Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands. The issue is related to the pays parameter in the "fiche.php" file. Recommendations: For Dolibarr ERP/CRM version...
remorquerolland.com XSS vulnerability
Open Bug Bounty ID: OBB-472573. Affected Website: remorquerolland.com. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
WordPress Daily Edition Theme SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. WordPress Daily Edition Theme is a theme plugin for WordPress. WordPress Daily Edition Theme "fiche-disque.php...
WordPress Daily Edition Theme Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports setting up personal blog sites on servers with PHP and MySQL. WordPress Daily Edition Theme is a theme plugin for WordPress. WordPress Daily Edition Theme fiche-disque.php...
WooThemes Daily Edition <= 1.6.2 - Cross-Site Scripting (XSS)
According to the original advisory "The code programming flaw occurs at 'fiche-disque.php?' page with 'id' parameters."...
WooThemes Daily Edition <= 1.6.2 - SQL Injection
According to the researcher, "The code flaw occurs at 'fiche-disque.php?' page with '' parameter."...
CVE-2014-3992
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) entity parameter in an update action to user/fiche.php or (2) sortorder parameter to user/group/index.php...
PT-2014-5659 · Dolibarr · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 3.5.3 Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via the entity parameter in an update action to "user/fiche.php" or the sortorder parameter to...
PT-2012-3149 · Dolibarr · Dolibarr Cms
Name of the Vulnerable Software and Affected Versions: Dolibarr CMS version 3.2.0 Alpha Description: The issue allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the file parameter to "document.php" or backtopage parameter in a create action to...
Fiche Avion SQL Injection
Exploit Title: Fiche Avion SQL Injection Author: Th4 MasK Contact to ; [email protected] Date : 19.01.2012 Platform : Php Dork: ficheavion.php?id= Demo Site : http://www.mrcmodelisme.com/ficheavion.php?id=32 SQL Bilinmezlik Diyari is a must-have for me. Some things. Email:[email protected]...
Easy Px 41 CMS 09.00.00B1 - 'fiche' Local File Inclusion
Easy Px 41 CMS v09.00.00B1 fiche Local File Include Exploit D.Script: http://www.easy-script.com/scripts-dl/EPX41v9.zip Discovered by: ThE g0bL!N Greetz To: ALL My Friend dz Exploit: /path/?view=LivreDor&fiche=../../../../../../../../etc/passwd%00 Demo...