CyberSec.Space Logo
Back to CVE Browser

CVE-2018-1000641

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0320%
EPSS Percentile7.88th
PublishedAug 20, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information.

Affected Platforms (CPE)

πŸ“¦
Yeswiki

Yeswiki

= 2012-10-22-1
πŸ“¦
Yeswiki

Yeswiki

= 2013-10-17-1
πŸ“¦
Yeswiki

Yeswiki

= 2016-03-17-1

References & Advisories

πŸ”— https://0dd.zone/2018/08/05/YesWiki-Object-Injection/
πŸ”— https://github.com/YesWiki/yeswiki/issues/356
πŸ”— https://0dd.zone/2018/08/05/YesWiki-Object-Injection/
πŸ”— https://github.com/YesWiki/yeswiki/issues/356

Related Vulnerabilities

CVE-2018-130459.8

SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to execute arbi...

CVE-2021-430917.5

An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form.

CVE-2018-261110.0

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Service...

CVE-2018-487210.0

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006...