CVE-2021-43091: SQL Injection in Yeswiki

CVSS Score: 7.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.35876%
Published: 3/26/2022
Updated: 1/27/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| yeswiki/yeswiki | composer | < 4.1.0 | 4.1.0 |

Vulnerability Intelligence
Root Cause Analysis

The key vulnerability was in the handling of the email parameter during registration. The pre-patch version of User.class.php used the raw $email input in SQL construction (WHERE email = "$email") with only addslashes() applied, which is insufficient to prevent SQL injection. The fix explicitly added mysqli_real_escape_string(), confirming that the lack of proper escaping was the root cause. While other functions also used AddSlashes(), the registration-specific vulnerability maps directly to this email-handling function. The CVE description and the patch both focus on SQL injection via the email parameter, which further corroborates this as the primary vulnerable function.
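Because the analysis notes that other functions also relied on AddSlashes(), a natural follow-up is to audit a code base for the same construction. The heuristic scanner below is an added example, not Miggo's or YesWiki's code; the sample PHP, the `users` table and all function and variable names are constructed for illustration.

```python
import re

SQL_KEYWORD = re.compile(r'\b(SELECT|INSERT|UPDATE|DELETE)\b', re.I)
DQ_STRING = re.compile(r'"((?:\\.|[^"\\])*)"')         # PHP double-quoted literal
ASSIGN = re.compile(r'(\$\w+)\s*=\s*(?:(\w+)\s*\()?')  # $var = func(   or   $var = ...
INLINE_ADDSLASHES = re.compile(r'addslashes\s*\(\s*(\$\w+)', re.I)
SAFE = {'mysqli_real_escape_string'}  # the escaping call the patch added

# Constructed sample (not YesWiki source); PHP function names are case-insensitive.
SAMPLE_PHP = r'''<?php
$email = AddSlashes($_POST['email']);
$sql = "SELECT 1 FROM users WHERE email = \"$email\" LIMIT 1";
$name = mysqli_real_escape_string($link, $_POST['name']);
$sql = "SELECT 1 FROM users WHERE name = \"$name\" LIMIT 1";
$sql = 'DELETE FROM users WHERE email = "' . addslashes($old) . '"';
'''


def audit_php(source):
    """Return (line_no, variable, sanitiser) for SQL text built from a variable
    that was escaped with addslashes() only, or not escaped at all."""
    last_sanitiser = {}  # variable -> lower-cased function it was last assigned from
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        if SQL_KEYWORD.search(line):
            # Case 1: variable interpolated into a double-quoted SQL literal.
            for literal in DQ_STRING.findall(line):
                if not SQL_KEYWORD.search(literal):
                    continue
                for var in re.findall(r'\$\w+', literal):
                    sanitiser = last_sanitiser.get(var)
                    if sanitiser not in SAFE:
                        findings.append((no, var, sanitiser or 'none'))
            # Case 2: addslashes() concatenated directly into the statement.
            for var in INLINE_ADDSLASHES.findall(line):
                findings.append((no, var, 'addslashes'))
        # Record how each variable was last sanitised (line-based heuristic).
        m = ASSIGN.match(line.strip())
        if m:
            last_sanitiser[m.group(1)] = (m.group(2) or '').lower() or None
    return findings


if __name__ == '__main__':
    for no, var, sanitiser in audit_php(SAMPLE_PHP):
        print(f'line {no}: {var} reaches SQL with sanitiser={sanitiser}')
```

The scanner is line-based and will miss multi-line statements and nested calls, so treat its output as a list of places to review by hand rather than a verdict.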
