CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-1000641

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0320%
EPSS Percentile7.88th
Published2018年8月20日
Last Modified2024年11月21日

Vulnerability Description

YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information.

Affected Platforms (CPE)

📦
Yeswiki

Yeswiki

= 2012-10-22-1
📦
Yeswiki

Yeswiki

= 2013-10-17-1
📦
Yeswiki

Yeswiki

= 2016-03-17-1

References & Advisories

🔗 https://0dd.zone/2018/08/05/YesWiki-Object-Injection/
🔗 https://github.com/YesWiki/yeswiki/issues/356
🔗 https://0dd.zone/2018/08/05/YesWiki-Object-Injection/
🔗 https://github.com/YesWiki/yeswiki/issues/356

相关漏洞威胁

CVE-2018-130459.8

SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to execute arbi...

CVE-2021-430917.5

An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form.

CVE-2018-409110.0

An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Sandbox" component. I...

CVE-2018-022210.0

A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an...