CVE-2025-46347

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of the server. This could potentially be performed unwittingly by a user. This issue has been patched in version 4.5.4.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/YesWiki/yeswiki/commit/8fe5275a78dc7e0f9c242baa3cbac6b5ac1cc066	Patch
https://github.com/YesWiki/yeswiki/security/advisories/GHSA-88xg-v53p-fpvf	Exploit Vendor Advisory
https://github.com/YesWiki/yeswiki/security/advisories/GHSA-88xg-v53p-fpvf	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:yeswiki:yeswiki:*:*:*:*:*:*:*:*

History

09 May 2025, 13:56

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-29 18:15

Updated : 2025-05-09 13:56

NVD link : CVE-2025-46347

Mitre link : CVE-2025-46347

CVE.ORG link : CVE-2025-46347

JSON object : View

Products Affected

yeswiki

yeswiki

CWE

CWE-116

Improper Encoding or Escaping of Output

{"id": "CVE-2025-46347", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.8, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-29T18:15:44.670", "references": [{"url": "https://github.com/YesWiki/yeswiki/commit/8fe5275a78dc7e0f9c242baa3cbac6b5ac1cc066", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-88xg-v53p-fpvf", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-88xg-v53p-fpvf", "tags": ["Exploit", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-116"}]}], "descriptions": [{"lang": "en", "value": "YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of the server. This could potentially be performed unwittingly by a user. This issue has been patched in version 4.5.4."}, {"lang": "es", "value": "YesWiki es un sistema wiki escrito en PHP. Antes de la versi\u00f3n 4.5.4, YesWiki era vulnerable a la ejecuci\u00f3n remota de c\u00f3digo. Una escritura arbitraria en un archivo pod\u00eda utilizarse para escribir un archivo con extensi\u00f3n PHP, que luego se pod\u00eda explorar para ejecutar c\u00f3digo arbitrario en el servidor, lo que resultaba en una vulnerabilidad total del servidor. Esto podr\u00eda ser realizado inadvertidamente por un usuario. Este problema se ha corregido en la versi\u00f3n 4.5.4."}], "lastModified": "2025-05-09T13:56:01.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yeswiki:yeswiki:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3230BE7-CB3C-401F-A727-7052E9E07A68", "versionEndExcluding": "4.5.4"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}