GSA_kwCzR0hTQS14Z3gyLTMzMmgtOXg2cc011w

High EPSS: 0.00146% (0.36 Percentile) EPSS:

Permalink JSON

SQL Injection in Yeswiki

Affected Packages	Affected Versions	Fixed Versions
packagist:yeswiki/yeswiki	< 4.1.0	4.1.0
0 Dependent packages 0 Dependent repositories 18 Downloads total Affected Version Ranges All affected versions All unaffected versions 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.3, 4.2.4, 4.3.1, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4

An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form. The issue was fixed in Yeswiki version 4.1.0.

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-43091
https://github.com/yeswiki/yeswiki/commit/c9785f9a92744c3475f9676a0d8f95de24750094
https://huntr.dev/bounties/07f245a7-ee9f-4b55-a0cc-13d5cb1be6e0/
https://github.com/advisories/GHSA-xgx2-332h-9x6q

Identifiers

GHSA-xgx2-332h-9x6q

CVE-2021-43091

Risk

Severity

High

EPSS

EPSS Percentage: 0.00146

EPSS Percentile: 0.36

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/yeswiki/yeswiki

Date and time

Published

over 3 years ago

Updated

over 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories