CVE-2025-46347— YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution

YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of the server. This could potentially be performed unwittingly by a user. This issue has been patched in version 4.5.4.

N/A

对输出编码和转义不恰当

YesWiki 安全漏洞

YesWiki是法国YesWiki组织的一个用 PHP 编写的 wiki 系统。用于以协作方式创建和管理网站。 YesWiki 4.5.4之前版本存在安全漏洞，该漏洞源于任意文件写入，可能导致远程代码执行。

N/A

N/A