GHSA-xgx2-332h-9x6q

Source
https://github.com/advisories/GHSA-xgx2-332h-9x6q
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-xgx2-332h-9x6q/GHSA-xgx2-332h-9x6q.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xgx2-332h-9x6q
Aliases
Published
2022-03-26T00:00:32Z
Modified
2023-11-08T04:07:08.738059Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
SQL Injection in Yeswiki
Details

An SQL injection vulnerability exists in Yeswiki doryphore 20211012 via the email parameter in the registration form. The issue was fixed in Yeswiki version 4.1.0.

Database specific
{
    "nvd_published_at": "2022-03-25T17:15:00Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-30T15:24:00Z"
}
References

Affected packages

Packagist / yeswiki/yeswiki

Package

Name
yeswiki/yeswiki
Purl
pkg:composer/yeswiki/yeswiki

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.1.0