YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated. This could result in a malicious attacker making numerous requests to create archives and fill up the file system, or by downloading the archive which contains sensitive site information. This issue has been patched in version 4.5.4.
The endpoint responsible for initiating the website backup creation process does not require any authentication (CWE-287, CWE-862). The generated archive receives a predictable filename, allowing an attacker to independently guess the path and download the ready-made archive without having an account in the system. An attacker can mass-invoke archive creation requests, filling up the server's disk space, or download a single archive containing sensitive data from the entire website.
An attacker without any permissions can gain access to sensitive data from the entire website (including configuration files, databases, and content) contained in the archive, as well as exhaust the server's disk space by repeatedly generating backups.
YesWiki should be updated to version 4.5.4, where the issue has been fixed. Detailed information is available in the vendor's official security advisory and in references to commit 0d4efc880a727599fa4f6d7a64cc967afe475530.
YesWiki in all versions prior to 4.5.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HYeswiki
APPYeswiki< 4.5.4
Related vulnerabilities
YesWiki: słaby algorytm kryptograficzny umożliwia reset hasła dowolnego konta
YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user en...
YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists i...
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the...
YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enab...