CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-1000641

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0320%
EPSS Percentile7.88th
Published2018年8月20日
Last Modified2024年11月21日

Vulnerability Description

YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information.

Affected Platforms (CPE)

📦
Yeswiki

Yeswiki

= 2012-10-22-1
📦
Yeswiki

Yeswiki

= 2013-10-17-1
📦
Yeswiki

Yeswiki

= 2016-03-17-1

References & Advisories

🔗 https://0dd.zone/2018/08/05/YesWiki-Object-Injection/
🔗 https://github.com/YesWiki/yeswiki/issues/356
🔗 https://0dd.zone/2018/08/05/YesWiki-Object-Injection/
🔗 https://github.com/YesWiki/yeswiki/issues/356

相關漏洞威脅

CVE-2018-130459.8

SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to execute arbi...

CVE-2021-430917.5

An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form.

CVE-2018-1472110.0

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by ...

CVE-2018-1246410.0

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows a...