CVE-2021-43091

HIGH7.5EPSS 0.15%

SQL Injection in Yeswiki

Published: 3/26/2022Modified: 11/8/2023

Description

An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form. The issue was fixed in Yeswiki version 4.1.0.

Affected packages (1)

Packagist/yeswiki/yeswikifrom 0, < 4.1.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-43091
PATCHhttps://github.com/yeswiki/yeswiki
WEBhttps://github.com/yeswiki/yeswiki/commit/c9785f9a92744c3475f9676a0d8f95de24750094
WEBhttps://huntr.dev/bounties/07f245a7-ee9f-4b55-a0cc-13d5cb1be6e0