257 matches found
YesWiki < 4.5.4 - Cross-Site Scripting
YesWiki 4.5.4 contains a reflected cross-site scripting caused by unsanitized idformulaire parameter in /?BazaR endpoint, letting attackers steal cookies and hijack sessions, exploit requires user to click malicious link. id: CVE-2025-46550 info: name: YesWiki 4.5.4 - Cross-Site Scripting author:...
Yeswiki < 4.5.2 - Unauthenticated Path Traversal
YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. id: CVE-2025-31131 info: name: Yeswiki 4.5.2 - Unauthenticated Path Traversal author: iamnoooob,rootxharsh,pdresearch severity: high...
YesWiki Reflected XSS via File Upload
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been...
CVE-2026-52762
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:30+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-65p8-9433-jpcp...
CVE-2026-52763
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:28+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-89v6-j5x6-cmj3...
CVE-2026-52767
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:23+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-mv28-wj57-f57g...
CVE-2026-52769
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:21+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-vw42-752g-5mrp...
CVE-2026-52770
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:19+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-qg78-vmvc-fhjw...
CVE-2026-52771
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:16+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-8f2v-2qhj-gfwg...
CVE-2026-52772
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:14+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-xc7j-3g8q-9vh4...
CVE-2026-52773
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:12+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-35f3-pg38-486f...
CVE-2026-52774
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:10+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-r5xw-gcgw-hwp5 2026-07-13 06:00:05+00:00| confirmed|...
CVE-2026-52775
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:07+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-4pf7-cc4r-g63h...
EUVD-2026-35181
YesWiki has Unsafe eval in its Formula Calculato, Leading to Remote Code Execution & Denial of Service...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the deleteUserReaction process. An attacker can access and manipulate sensitive database information by injecting crafted SQL through the idreaction and id URL path parameters as an authenticated user. Remediation...
GHSA-4PF7-CC4R-G63H YesWiki has Authenticated SQL Injection via ReactionManager
Summary YesWiki through the latest development branch contains a SQL injection vulnerability in ReactionManager::deleteUserReaction that allows any authenticated user to inject arbitrary SQL via the idreaction and id URL path parameters. The parameters are concatenated directly into a SQL LIKE...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the query or queries filters in public API endpoints. An attacker can access sensitive database information by injecting crafted SQL expressions into numeric filter parameters, allowing them to infer data based on the...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the verifySignature process due to improper verification of cryptographic signatures when handling the return value of opensslverify. An attacker can gain unauthorized access and perfo...
PT-2026-57027
Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.6 Description An issue exists in the erasespamedcomments wiki action, located in actions/EraseSpamedCommentsAction.php, which allows unauthenticated users to permanently delete arbitrary wiki pages. The action...
YesWiki < 4.6.4 - Unauthenticated SQL Injection
YesWiki before version 4.6.4 contains an unauthenticated SQL injection vulnerability in the Bazar form-import path. The bnidnature parameter in FormManager::create is concatenated into an INSERT statement without sanitization, allowing unauthenticated attackers to inject arbitrary SQL and read th...