7 matches found
CVE-2026-52769
creationtimestamp| type| source ---|---|--- 2026-07-09 22:35:21+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-vw42-752g-5mrp...
EUVD-2024-2932
Malicious code in bioql PyPI...
CVE-2025-46348 YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated...
CVE-2025-46350
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability...
CVE-2025-46347
CVE-2025-46347 YesWiki is a remote code execution vulnerability in YesWiki up to version 4.5.3 (patched in 4.5.4). The issue allows an arbitrary file write and execution when a PHP file is created via a user-writable directory, enabling an attacker to browse the PHP file and run code on the serve...
CVE-2025-46347 YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of...
GHSA-W34W-FVP3-68XM Yeswiki Path Traversal vulnerability allows arbitrary read of files
Summary The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. The payload ../../../../../../etc/passwd was submitted in the squelette parameter. The requested file was returned in the application's response. Details File path...