CRITICAL🇵🇱 Wersja polska

CVE-2025-46348

CVSS 10.0v3.1pub. 2025-04-29upd. 2025-05-09

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated. This could result in a malicious attacker making numerous requests to create archives and fill up the file system, or by downloading the archive which contains sensitive site information. This issue has been patched in version 4.5.4.

🤖 AI Analysis
How it works

The endpoint responsible for initiating the website backup creation process does not require any authentication (CWE-287, CWE-862). The generated archive receives a predictable filename, allowing an attacker to independently guess the path and download the ready-made archive without having an account in the system. An attacker can mass-invoke archive creation requests, filling up the server's disk space, or download a single archive containing sensitive data from the entire website.

Impact

An attacker without any permissions can gain access to sensitive data from the entire website (including configuration files, databases, and content) contained in the archive, as well as exhaust the server's disk space by repeatedly generating backups.

Mitigation & patch

YesWiki should be updated to version 4.5.4, where the issue has been fixed. Detailed information is available in the vendor's official security advisory and in references to commit 0d4efc880a727599fa4f6d7a64cc967afe475530.

Who is affected

YesWiki in all versions prior to 4.5.4

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Yeswiki

    APP
    Yeswiki
    < 4.5.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-51478CRITICAL9.9PL ✓ten sam produkt

YesWiki: słaby algorytm kryptograficzny umożliwia reset hasła dowolnego konta

CVE-2018-1000641CRITICAL9.8ten sam produkt

YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user en...

CVE-2026-34598HIGH7.1ten sam produkt

YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists i...

CVE-2025-46349HIGH7.6ten sam produkt

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the...

CVE-2025-31131HIGH8.6ten sam produkt

YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enab...