CRITICAL🇵🇱 Wersja polska

CVE-2026-52778

CVSS 9.8v3.1pub. 2026-06-08upd. 2026-06-09

YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression before passing them to the PHP eval() function. This implementation is inherently flawed: it is vulnerable to Regular Expression Denial of Service (ReDoS / Stack Overflow) which can crash the server, and it creates a high-risk architecture where any logic bypass directly results in arbitrary PHP code execution. Version 4.6.6 patches the issue.

🤖 AI Analysis
How it works

The application attempts to sanitize user-defined mathematical formulas using a complex recursive regular expression, then passes them to the PHP eval() function. The applied regular expression is vulnerable to ReDoS (Regular Expression Denial of Service), which can lead to stack overflow and server failure. At the same time, the architecture based on eval() means that any bypass of the sanitization logic results in direct execution of arbitrary PHP code by the attacker.

Impact

An unauthenticated attacker can remotely execute arbitrary PHP code on the server (RCE) or cause its unavailability through a ReDoS attack causing process failure.

Mitigation & patch

YesWiki should be updated to version 4.6.6, which contains a patch eliminating the vulnerability. The patch is available in the project's GitHub repository (commit dd2bd8fb099de0d21504bda8a810693b3fcb8e52) and as an official v4.6.6 release.

Who is affected

YesWiki in all versions prior to 4.6.6

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoS
CWE
References