pkg:Packagist/yeswiki/yeswiki

All known vulnerabilities

• CRITICAL10.0CVE-2025-46348YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download
  from 0, < 4.5.4
• CRITICAL9.9CVE-2024-51478YesWiki Uses a Broken or Risky Cryptographic Algorithm
  from 0, < 4.4.5
• CRITICAL9.8CVE-2026-46670YesWiki: Unauthenticated SQL Injection
  from 0, < 4.6.4
• HIGH8.8CVE-2026-41143YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave()
  from 0, < 4.6.1
• HIGH8.6CVE-2025-31131Yeswiki Path Traversal vulnerability allows arbitrary read of files
  from 0, < 4.5.2
• HIGH7.6CVE-2025-46349YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting
  from 0, <= 4.5.3
• HIGH7.6CVE-2025-24018Authenticated Stored XSS in YesWiki
  from 0, < 4.5.0
• HIGH7.6CVE-2025-24017Unauthenticated DOM Based XSS in YesWiki
  from 0, < 4.5.0
• HIGH7.5CVE-2021-43091SQL Injection in Yeswiki
  from 0, < 4.1.0
• HIGH7.1CVE-2025-24019Authenticated arbitrary file deletion in YesWiki
  from 0, < 4.5.0
• MEDIUM6.1CVE-2025-52277YesWiki Cross Site Scripting vulnerability
  from 0, <= 4.5.4
• MEDIUM5.3CVE-2025-46550Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting
  from 0, < 4.5.4
• MEDIUM5.3CVE-2025-46549Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting
  from 0, < 4.5.4
• LOW3.8CVE-2025-46350Yeswiki Vulnerable to Authenticated Reflected Cross-site Scripting
  from 0, < 4.5.4
• —CVE-2026-34598YesWiki has Persistent Blind XSS at "/?BazaR&vue=consulter"
  from 0, < 4.6.0
• —CVE-2025-46346YesWiki Stored XSS Vulnerability in Comments
  from 0, < 4.5.4
• —CVE-2025-46347YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution
  from 0, < 4.5.4