CVE-2021-43091: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

March 26, 2022 (updated April 5, 2022)

An SQL Injection vlnerability exists in Yeswiki Doryphore prior to version 4.1.0 via the email parameter in the registration form.

References

github.com/advisories/GHSA-xgx2-332h-9x6q
github.com/yeswiki/yeswiki/commit/c9785f9a92744c3475f9676a0d8f95de24750094
huntr.dev/bounties/07f245a7-ee9f-4b55-a0cc-13d5cb1be6e0/
nvd.nist.gov/vuln/detail/CVE-2021-43091

Code Behaviors & Features

Detect and mitigate CVE-2021-43091 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →