An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form.
References
Link | Resource |
---|---|
https://github.com/yeswiki/yeswiki/commit/c9785f9a92744c3475f9676a0d8f95de24750094 | Patch Third Party Advisory |
https://huntr.dev/bounties/07f245a7-ee9f-4b55-a0cc-13d5cb1be6e0/ | Exploit Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-25T16:14:57
Updated: 2022-03-25T16:14:57
Reserved: 2021-11-01T00:00:00
Link: CVE-2021-43091
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-25T17:15:08.603
Modified: 2022-03-29T18:40:28.067
Link: CVE-2021-43091
JSON object: View
Redhat Information
No data.
CWE