CyberSec.Space Logo
Back to CVE Browser

CVE-2021-43091

HIGH
7.5
CVSS Severity Score
EPSS Score0.1990%
EPSS Percentile28.27th
PublishedMar 25, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form.

Affected Platforms (CPE)

πŸ“¦
Yeswiki

Yeswiki

= 4.1.0

References & Advisories

πŸ”— https://github.com/yeswiki/yeswiki/commit/c9785f9a92744c3475f9676a0d8f95de24750094
πŸ”— https://huntr.dev/bounties/07f245a7-ee9f-4b55-a0cc-13d5cb1be6e0/
πŸ”— https://github.com/yeswiki/yeswiki/commit/c9785f9a92744c3475f9676a0d8f95de24750094
πŸ”— https://huntr.dev/bounties/07f245a7-ee9f-4b55-a0cc-13d5cb1be6e0/

Related Vulnerabilities

CVE-2018-10006419.8

YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i...

CVE-2018-130459.8

SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to execute arbi...

CVE-2021-2177710.0

An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and deve...

CVE-2021-3011610.0

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offe...