Critical severity · NVD Advisory · Published Apr 29, 2025 · Updated Apr 30, 2025
YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download
CVE-2025-46348
Description
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a site backup can be requested, and the resulting archive downloaded, without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated. An attacker could make numerous requests to create archives and fill up the file system, or download an archive, which contains sensitive site information. This issue has been patched in version 4.5.4.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| yeswiki/yeswiki (Packagist) | < 4.5.4 | 4.5.4 |
References
- github.com/advisories/GHSA-wc9g-6j9w-hr95 (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-46348 (NVD advisory)
- github.com/YesWiki/yeswiki/commit/0d4efc880a727599fa4f6d7a64cc967afe475530 (commit)
- github.com/YesWiki/yeswiki/security/advisories/GHSA-wc9g-6j9w-hr95 (vendor confirmation)