threat
engine
.sh
Back
·
··:··
Home
/
Product
/
yeswiki
Product
yeswiki
17 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-34598
< 4.6.0
YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title fie
6.1
MEDIUM
CVE-2025-52277
all versions
Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload to t
6.1
MEDIUM
CVE-2025-46550
< 4.5.4
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the
/?BazaR
endpoint and
idformulaire
parameter are vulnerabl
4.3
MEDIUM
CVE-2025-46549
< 4.5.4
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to st
4.3
MEDIUM
CVE-2025-46348
< 4.5.4
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downlo
10.0
CRITICAL
CVE-2025-46350
< 4.5.4
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to st
3.5
LOW
CVE-2025-46349
< 4.5.4
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. T
7.6
HIGH
CVE-2025-46347
< 4.5.4
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file wr
9.8
CRITICAL
CVE-2025-46346
< 4.5.4
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting (XSS) vulnerability was discovered
5.4
MEDIUM
CVE-2025-31131
< 4.5.2
YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to
8.6
HIGH
CVE-2025-24019
< 4.5.0
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through
7.1
HIGH
CVE-2025-24018
< 4.5.0
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with righ
7.6
HIGH
CVE-2025-24017
< 4.5.0
YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XS
7.6
HIGH
CVE-2024-51478
< 4.4.5
YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash t
9.9
CRITICAL
CVE-2021-43091
all versions
An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form.
7.5
HIGH
CVE-2018-13045
<= 2018-06-19-1
SQL injection vulnerability in the "Bazar" page in Yeswiki Cercopitheque 2018-06-19-1 and earlier allows attackers to execute arbi
9.8
CRITICAL
CVE-2018-1000641
all versions
YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i
9.8
CRITICAL
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin