pkg:Packagist/yeswiki/yeswiki

All known vulnerabilities

• CRITICAL10.0CVE-2025-46348YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download
  from 0, < 4.5.4
• CRITICAL9.9CVE-2024-51478YesWiki Uses a Broken or Risky Cryptographic Algorithm
  from 0, < 4.4.5
• CRITICAL9.8YesWiki: Unauthenticated SQL Injection
  from 0, < 4.6.4
• HIGH8.8YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave()
  from 0, < 4.6.1
• HIGH8.6Yeswiki Path Traversal vulnerability allows arbitrary read of files
  from 0, < 4.5.2
• HIGH7.6YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting
  from 0, <= 4.5.3
• HIGH7.6Authenticated Stored XSS in YesWiki
  from 0, < 4.5.0
• HIGH7.6Unauthenticated DOM Based XSS in YesWiki
  from 0, < 4.5.0
• HIGH7.5SQL Injection in Yeswiki
  from 0, < 4.1.0
• HIGH7.1Authenticated arbitrary file deletion in YesWiki
  from 0, < 4.5.0
• MEDIUM6.1YesWiki Cross Site Scripting vulnerability
  from 0, <= 4.5.4
• MEDIUM5.3Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting
  from 0, < 4.5.4
• MEDIUM5.3Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting
  from 0, < 4.5.4
• LOW3.8Yeswiki Vulnerable to Authenticated Reflected Cross-site Scripting
  from 0, < 4.5.4
• —YesWiki has Persistent Blind XSS at "/?BazaR&vue=consulter"
  from 0, < 4.6.0
• —YesWiki Stored XSS Vulnerability in Comments
  from 0, < 4.5.4
• —YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution
  from 0, < 4.5.4