4 matches found
CVE-2026-41143
YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data'idfiche' value sourced from $POST'idfiche' is concatenated directly into a raw SQL query without any...
CVE-2026-41143
YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data'idfiche' value sourced from $POST'idfiche' is concatenated directly into a raw SQL query without any...
GHSA-F58V-P6J9-24C2 YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave()
Vulnerability Details YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data'idfiche' value sourced from $POST'idfiche' is concatenated directly into a raw SQL query without any sanitization or parameterization. Vulnerable Code...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the formatDataBeforeSave process. An attacker can execute arbitrary SQL commands by supplying crafted input to the idfiche parameter, which is concatenated directly into a SQL query without sanitization. Remediation...