6 matches found
CVE-2025-24019
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager FPM on the host without any limitation on the filesystem's scope...
CVE-2025-24019 YesWiki vulnerable to authenticated arbitrary file deletion
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager FPM on the host without any limitation on the filesystem's scope...
CVE-2025-24019
CVE-2025-24019 affects YesWiki up to version 4.4.5, where an authenticated user can delete files using the filemanager due to insecure path handling in the deletion path (fmErase) and lack of path validation, enabling arbitrary file removal across the filesystem and potential defacement or data l...
CVE-2025-24019 YesWiki vulnerable to authenticated arbitrary file deletion
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager FPM on the host without any limitation on the filesystem's scope...
CVE-2025-24019 YesWiki vulnerable to authenticated arbitrary file deletion
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager FPM on the host without any limitation on the filesystem's scope...
CVE-2025-24019
creationtimestamp| type| source ---|---|--- 2025-01-21 09:47:29+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-43c9-gw4x-pcx6 2025-01-21 18:00:53+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/2439 2025-01-21 18:16:32+00:00...