CVE-2025-46347

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-46347

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46347.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-46347

Aliases

GHSA-88xg-v53p-fpvf

Published

2025-04-29T17:11:05Z

Modified

2025-10-14T14:35:17Z

Severity

5.8 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P CVSS Calculator

Summary

YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution

Details

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of the server. This could potentially be performed unwittingly by a user. This issue has been patched in version 4.5.4.

References

Affected packages

Git /

Affected ranges

Database specific

{
    "unresolved_versions": [
        {
            "type": "",
            "events": [
                {
                    "introduced": "0"
                },
                {
                    "fixed": "4.5.4"
                }
            ]
        }
    ]
}