CVE-2026-52778
CRITICAL
9,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Description
AI Translation Available
YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression before passing them to the PHP eval() function. This implementation is inherently flawed: it is vulnerable to Regular Expression Denial of Service (ReDoS / Stack Overflow) which can crash the server, and it creates a high-risk architecture where any logic bypass directly results in arbitrary PHP code execution. Version 4.6.6 patches the issue.
94
Improper Control of Generation of Code ('Code Injection')
DraftCommon Consequences
Security Scopes Affected:
Access Control
Integrity
Confidentiality
Availability
Non-Repudiation
Potential Impacts:
Bypass Protection Mechanism
Gain Privileges Or Assume Identity
Execute Unauthorized Code Or Commands
Hide Activities
Applicable Platforms
Languages:
Interpreted
Technologies:
AI/ML
1333
Inefficient Regular Expression Complexity
DraftCommon Consequences
Security Scopes Affected:
Availability
Potential Impacts:
Dos: Resource Consumption (Cpu)
Applicable Platforms
All platforms may be affected
https://github.com/YesWiki/yeswiki/commit/dd2bd8fb099de0d21504bda8a810693b3fcb8…
https://github.com/YesWiki/yeswiki/releases/tag/v4.6.6
https://github.com/YesWiki/yeswiki/security/advisories/GHSA-px5m-h76g-p7p8