Tag
critical
advisory
YesWiki Unauthenticated SQL Injection Vulnerability
2 rules 1 TTP
YesWiki versions prior to 4.6.4 are vulnerable to an unauthenticated SQL injection in the Bazar form-import path (`FormManager::create()`), allowing an unauthenticated attacker to inject arbitrary SQL into an `INSERT` statement and read the full database, including `yeswiki_users.password` hashes (CVE-2026-46670).
yeswiki/yeswiki
sqli
web-application
yeswiki
high
advisory
YesWiki Authenticated SQL Injection Vulnerability
2 rules 1 TTP 2 IOCs
YesWiki is vulnerable to authenticated SQL injection via the `id_fiche` parameter in the `EntryManager::formatDataBeforeSave()` function, allowing attackers to inject arbitrary SQL commands and potentially extract sensitive data.
yeswiki
sql-injection
web-application