CVE-2025-46347

Medium CVSS: 5.8

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of the server. This could potentially be performed unwittingly by a user. This issue has been patched in version 4.5.4.

Vendor

Yeswiki

Product

Yeswiki

CWE

CWE-116

Yayın Tarihi

2025-04-29 18:15:44

Güncelleme

2025-05-09 13:56:01

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-116 Yeswiki MEDIUM Yeswiki 2025

Referanslar

https://github.com/YesWiki/yeswiki/commit/8fe5275a78dc7e0f9c242baa3cbac6b5ac1cc066 https://github.com/YesWiki/yeswiki/security/advisories/GHSA-88xg-v53p-fpvf https://github.com/YesWiki/yeswiki/security/advisories/GHSA-88xg-v53p-fpvf

Benzer Kayıtlar

Medium

CVE-2025-52277

Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted pa…

Critical

CVE-2025-46348

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed…

Medium

CVE-2025-46549

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting at…

Medium

CVE-2025-46550

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are…

High

CVE-2025-46349

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file uplo…

Low

CVE-2025-46350

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting at…