CVE-2026-46670 Scanner
CVE-2026-46670 Scanner - SQL Injection vulnerability in YesWiki
Short Info
Level
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
3 weeks 11 hours
Scan only one
Domain, Subdomain, IPv4
Toolbox
The YesWiki software is a collaborative tool used by educational institutions, businesses, and community organizations to create and manage interactive web platforms. Its customizable nature allows users to set up wikis with various modules for content creation, information sharing, and team collaboration. YesWiki is favored for its ease of use, open-source availability, and adaptability to different user needs. Typically utilized by administrators or team members, it serves as a repository for documentation and an interactive communication tool. Its usage spans across numerous fields due to its capacity to host large amounts of collaborative data efficiently.
The SQL Injection vulnerability present in YesWiki versions before 4.6.4 allows unauthorized individuals to inject malicious SQL queries into the database. This occurs specifically in the Bazar form-import path where user inputs are not properly sanitized. The exploitation of this vulnerability enables attackers to manipulate database queries and potentially extract sensitive information such as usernames, emails, and password hashes. This vulnerability could lead to unauthorized access and data theft within the system.
The vulnerability lies within the bn_id_nature parameter of the FormManager::create() function. The parameter inputs are concatenated directly into SQL statements without proper sanitization, which provides an avenue for SQL Injection attacks. Attackers can append their malstructured SQL commands, gaining control over the database's actions. Successful exploitation can result in reading the full database including password hashes from the yeswiki_users table. This lack of sanitization and validation presents significant security risks.
If exploited, this vulnerability allows attackers to dump entire database contents. Critical personal information such as usernames, emails, and hashed passwords may be compromised. Malicious actors can use this information for account takeovers, unauthorized access, or selling data on the dark web. It poses a severe risk to data confidentiality and integrity, potentially causing reputational damage and financial losses for organizations relying on YesWiki.
REFERENCES
