yeswiki/yeswiki
Packagist17 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting yeswiki/yeswikipage 1 of 1
- CVE-2021-43091HIGHCVSS 7.5EG 7.5✓ Fixed in 4.1.02022-03-25
An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form.
- CVE-2024-51478CRITICALCVSS 9.9EG 9.9✓ Fixed in 4.4.52024-10-31
vulnerable: 4.2.3 ... v4.4.4 (18 versions)
YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is …
- CVE-2025-24017HIGHCVSS 7.6EG 7.6✓ Fixed in 4.5.02025-01-21
vulnerable: 4.2.3 ... v4.4.5 (19 versions)
YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability make…
- CVE-2025-24018HIGHCVSS 7.6EG 7.6✓ Fixed in 4.5.02025-01-21
vulnerable: 4.2.3 ... v4.4.5 (19 versions)
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the res…
- CVE-2025-24019HIGHCVSS 7.1EG 7.1✓ Fixed in 4.5.02025-01-21
vulnerable: 4.2.3 ... v4.4.5 (19 versions)
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager (FPM) on…
- CVE-2025-31131HIGHCVSS 8.6EG 8.6✓ Fixed in 4.5.22025-04-01
vulnerable: 4.2.3 ... v4.5.1 (21 versions)
YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.
- CVE-2025-46346MEDIUMCVSS 5.4EG 5.4✓ Fixed in 4.5.42025-04-29
vulnerable: 4.2.3 ... v4.5.3 (23 versions)
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting (XSS) vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads th…
- CVE-2025-46347CRITICALCVSS 9.8EG 9.8✓ Fixed in 4.5.42025-04-29
vulnerable: 4.2.3 ... v4.5.3 (23 versions)
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitr…
- CVE-2025-46348CRITICALCVSS 10.0EG 10.0✓ Fixed in 4.5.42025-04-29
vulnerable: 4.2.3 ... v4.5.3 (23 versions)
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could …
- CVE-2025-46349HIGHCVSS 7.6EG 7.62025-04-29
vulnerable: 4.2.3 ... v4.5.3 (23 versions)
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the vi…
- CVE-2025-46350LOWCVSS 3.5EG 3.5✓ Fixed in 4.5.42025-04-29
vulnerable: 4.2.3 ... v4.5.3 (23 versions)
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the att…
- CVE-2025-46549MEDIUMCVSS 4.3EG 4.3✓ Fixed in 4.5.42025-04-29
vulnerable: 4.2.3 ... v4.5.3 (23 versions)
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the att…
- CVE-2025-46550MEDIUMCVSS 4.3EG 4.3✓ Fixed in 4.5.42025-04-29
vulnerable: 4.2.3 ... v4.5.3 (23 versions)
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from …
- CVE-2025-52277MEDIUMCVSS 6.1EG 6.12025-09-09
vulnerable: 4.2.3 ... v4.5.4 (24 versions)
Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload to the meta configuration robots field
- CVE-2026-34598MEDIUMCVSS 6.1EG 6.1✓ Fixed in 4.6.02026-04-02
vulnerable: 4.2.3 ... v4.5.5 (25 versions)
YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in t…
- CVE-2026-41143HIGHCVSS 8.8EG 8.8✓ Fixed in 4.6.12026-05-07
vulnerable: 4.2.3 ... v4.6.0 (26 versions)
YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data['id_fiche'] value (sourced from $_POST['id_fiche']…
- CVE-2026-46670CRITICALCVSS 9.8EG 9.8✓ Fixed in 4.6.42026-05-22
vulnerable: 4.2.3 ... v4.6.3 (29 versions)
YesWiki: Unauthenticated SQL Injection ### Summary An unauthenticated SQL injection in the Bazar form-import path (`FormManager::create()`) allows any unauthenticated visitor of a default YesWiki install to inject arbitrary SQL into an `…
Check whether yeswiki/yeswiki is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for yeswiki/yeswiki CVEs against the assets you own.
Start Free Scan →