📦 Yeswiki
by Yeswiki
🔍 What is Yeswiki?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
CVE-2025-46348 is an authentication bypass vulnerability in YesWiki that allows unauthenticated attackers to trigger and download site backups. The predictable backup filenames enable attackers to fil...
YesWiki versions before 4.5.4 contain a remote code execution vulnerability that allows attackers to write arbitrary PHP files to the server. When exploited, this gives attackers full control over the...
This vulnerability in YesWiki allows attackers to recover password reset keys due to weak cryptography and a hard-coded salt. Attackers can then reset passwords for any user account, potentially gaini...
YesWiki versions before 4.5.2 contain a path traversal vulnerability in the squelette parameter that allows attackers to read arbitrary files on the server. This affects all YesWiki installations runn...
This vulnerability in YesWiki allows any authenticated user to delete arbitrary files owned by the PHP-FPM process user, potentially leading to data loss, website defacement, or complete service disru...
This stored XSS vulnerability in YesWiki allows authenticated users with page/comment editing rights to inject malicious scripts via the {{attach}} component. When exploited, it can lead to account th...
YesWiki versions up to 4.4.5 contain a DOM-based cross-site scripting (XSS) vulnerability in the tag search feature. When users click malicious links containing crafted tags, attackers can execute arb...
This SQL injection vulnerability in Yeswiki Doryphore allows attackers to execute arbitrary SQL commands through the email parameter in the registration form. This affects all users running vulnerable...
This Cross-Site Scripting (XSS) vulnerability in YesWiki v.4.54 allows remote attackers to inject malicious scripts via the meta configuration robots field. When exploited, this could enable attackers...
This is a reflected cross-site scripting (XSS) vulnerability in YesWiki's /?BazaR endpoint via the idformulaire parameter. Attackers can craft malicious links that steal authenticated users' cookies w...