GHSA-f58v-p6j9-24c2: Authenticated SQL Injection in YesWiki Bazar Module
Vulnerability ID: GHSA-F58V-P6J9-24C2
CVSS Score: 8.8
Published: 2026-04-18
An authenticated SQL Injection vulnerability exists in the Bazar module of YesWiki. The flaw allows authenticated attackers to execute arbitrary SQL commands via the id_fiche parameter, potentially resulting in full database compromise.
TL;DR
YesWiki versions prior to 4.6.1 contain a high-severity SQL Injection vulnerability (CWE-89) in the EntryManager service. An authenticated attacker can append raw SQL to the id_fiche parameter, enabling data exfiltration and database modification.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-89
- Attack Vector: Network
- CVSS Score: 8.8
- Privileges Required: Low
- Exploit Status: PoC Available
- KEV Status: Not Listed
Affected Systems
- YesWiki (Bazar module) installations prior to version 4.6.1
-
yeswiki/yeswiki: < 4.6.1 (Fixed in:
4.6.1)
Exploit Details
- GitHub Security Advisory: Advisory documenting the time-based blind and error-based SQL injection vectors.
- PoC Evidence Image: Image confirming the SLEEP(3) payload execution.
Mitigation Strategies
- Update YesWiki to the latest patched version.
- Deploy Web Application Firewall (WAF) rules to detect and block SQL injection payloads targeting the
/api/entries/endpoint.
Remediation Steps:
- Verify the current version of the YesWiki installation.
- Download YesWiki version 4.6.1 or later.
- Backup the existing YesWiki directory and database.
- Apply the update by replacing the core files according to the YesWiki upgrade documentation.
- Verify the application functions properly and test the patch by submitting a benign payload.
References
- GitHub Security Advisory: GHSA-f58v-p6j9-24c2
- OSV Entry for GHSA-f58v-p6j9-24c2
- YesWiki Source Code Repository
Read the full report for GHSA-F58V-P6J9-24C2 on our website for more details including interactive diagrams and full exploit analysis.
Top comments (0)