216.73.216.170

CVE-2025-46347

· Published 29/04/2025 18:15 · Modified 29/04/2025 19:15

Labels: CVE-2025-46347 2025-04-29CVE-2025-46347CWE-116[email protected]

Essential information

Published
29/04/2025 18:15
Modified
29/04/2025 19:15
Author
Creator
CVSS
5.8 MEDIUM (v3) 5.8 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of the server. This could potentially be performed unwittingly by a user. This issue has been patched in version 4.5.4.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
yeswiki / yeswiki cpe:2.3:a:yeswiki:yeswiki:<4.5.4:*:*:*:*:*:*:*

References