CVE-2021-43091: SQL Injection in Yeswiki
7.5
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.35876%
CWE
Published
3/26/2022
Updated
1/27/2023
KEV Status
No
Technology
PHP
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
yeswiki/yeswiki | composer | < 4.1.0 | 4.1.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The key vulnerability was in the email parameter handling during registration. The pre-patch version of User.class.php used raw $email input in SQL construction (WHERE email = "$email") with only addslashes(), which is insufficient for SQL injection prevention. The fix explicitly added mysqli_real_escape_string(), confirming the lack of proper escaping was the root cause. While other functions used AddSlashes(), the registration-specific vulnerability maps directly to this email handling function. The CVE description and patch focus on SQLi via email parameter further corroborate this as the primary vulnerable function.