CVE-2018-1000641

YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Common Weakness Enumeration
References
https://0dd.zone/2018/08/05/YesWiki-Object-Injection/
https://github.com/YesWiki/yeswiki/issues/356
https://0dd.zone/2018/08/05/YesWiki-Object-Injection/
https://github.com/YesWiki/yeswiki/issues/356