
We found results for “”
WS-2022-0244
Good to know:

Date: July 27, 2022
Yeswiki through 4.2.2 is vulnerable to unauthenticated SQL injection. An attacker can interfere with the application's database and queries. This issue has been fixed in versions 4.2.3 and above.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-89Top Fix

Upgrade Version
Upgrade to version yeswiki/yeswiki - 4.2.3;yeswiki/yeswiki - dev-dependabot/npm_and_yarn/braces-3.0.3
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |