Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 2:32 a.m.20 views

CVE-2025-24019

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager FPM on the host without any limitation on the filesystem's scope...

7.1CVSS6.4AI score0.00568EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/01/21 5:36 p.m.8 views

CVE-2025-24019 YesWiki vulnerable to authenticated arbitrary file deletion

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager FPM on the host without any limitation on the filesystem's scope...

7.1CVSS6.7AI score0.00568EPSS
Exploits1References2
CVE
CVE
added 2025/01/21 5:36 p.m.60 views

CVE-2025-24019

CVE-2025-24019 affects YesWiki up to version 4.4.5, where an authenticated user can delete files using the filemanager due to insecure path handling in the deletion path (fmErase) and lack of path validation, enabling arbitrary file removal across the filesystem and potential defacement or data l...

7.1CVSS6.7AI score0.00568EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/01/21 5:36 p.m.60 views

CVE-2025-24019 YesWiki vulnerable to authenticated arbitrary file deletion

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager FPM on the host without any limitation on the filesystem's scope...

7.1CVSS0.00568EPSS
Exploits1References2
OSV
OSV
added 2025/01/21 5:36 p.m.19 views

CVE-2025-24019 YesWiki vulnerable to authenticated arbitrary file deletion

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager FPM on the host without any limitation on the filesystem's scope...

7.1CVSS6AI score0.00568EPSS
Exploits1References4
Circl
Circl
added 2025/01/21 9:47 a.m.29 views

CVE-2025-24019

creationtimestamp| type| source ---|---|--- 2025-01-21 09:47:29+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-43c9-gw4x-pcx6 2025-01-21 18:00:53+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/2439 2025-01-21 18:16:32+00:00...

7.1CVSS5.7AI score0.00568EPSS
Exploits1References5
Rows per page
Query Builder