YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NYeswiki
APPYeswiki< 4.5.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
Related vulnerabilities
CVE-2025-46348CRITICAL10.0PL ✓ten sam produkt
YesWiki — pominięcie uwierzytelnienia przy tworzeniu i pobieraniu kopii zapasowej
CVE-2024-51478CRITICAL9.9PL ✓ten sam produkt
YesWiki: słaby algorytm kryptograficzny umożliwia reset hasła dowolnego konta
CVE-2018-1000641CRITICAL9.8ten sam produkt
YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user en...
CVE-2026-34598HIGH7.1ten sam produkt
YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists i...
CVE-2025-46349HIGH7.6ten sam produkt
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the...