Yeswiki
Products
1- 19 CVEs
Recent CVEs (19)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1000641 | | Cri | 0.64 | 9.8 | 0.02 | | Aug 20, 2018 | YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information. |
| CVE-2026-52778 | | Cri | 0.57 | 9.8 | 0.01 | | Jun 8, 2026 | YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular… |
| CVE-2026-46670 | | Cri | 0.52 | — | 0.00 | | May 22, 2026 | An unauthenticated SQL injection in the Bazar form-import path (`FormManager::create()`) allows any unauthenticated visitor of a default YesWiki install to inject arbitrary SQL into an `INSERT` statement and read the full database, including `yeswiki_users.password`… |
| CVE-2026-34598 | | Med | 0.40 | 6.1 | 0.00 | | Apr 2, 2026 | YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user… |
| CVE-2018-13045 | | | 0.03 | — | 0.03 | | Jan 2, 2019 | SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to execute arbitrary SQL commands via the "id" parameter. |
| CVE-2025-52277 | | | 0.00 | — | 0.00 | | Sep 9, 2025 | Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload to the meta configuration robots field |
| CVE-2025-46550 | | | 0.00 | — | 0.01 | | Apr 29, 2025 | YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them… |
| CVE-2025-46549 | | | 0.00 | — | 0.01 | | Apr 29, 2025 | YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session.… |
| CVE-2025-46348 | | | 0.00 | — | 0.01 | | Apr 29, 2025 | YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without… |
| CVE-2025-46350 | | | 0.00 | — | 0.00 | | Apr 29, 2025 | YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session.… |
| CVE-2025-46349 | | | 0.00 | — | 0.01 | | Apr 29, 2025 | YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This… |
| CVE-2025-46347 | | | 0.00 | — | 0.01 | | Apr 29, 2025 | YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a… |
| CVE-2025-46346 | | | 0.00 | — | 0.00 | | Apr 29, 2025 | YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting (XSS) vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the… |
| CVE-2025-31131 | | | 0.00 | — | 0.05 | | Apr 1, 2025 | YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2. |
| CVE-2025-24019 | | | 0.00 | — | 0.01 | | Jan 21, 2025 | YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager (FPM) on the host without any limitation on the… |
| CVE-2025-24018 | | | 0.00 | — | 0.00 | | Jan 21, 2025 | YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded. The vulnerability makes… |
| CVE-2025-24017 | | | 0.00 | — | 0.00 | | Jan 21, 2025 | YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When… |
| CVE-2024-51478 | | | 0.00 | — | 0.00 | | Oct 31, 2024 | YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5. |
| CVE-2021-43091 | | | 0.00 | — | 0.01 | | Mar 25, 2022 | An SQL Injection vulnerability exists in Yeswiki doryphore 20211012 via the email parameter in the registration form. |