PT-2025-18195 · Yeswiki · Yeswiki

Pizza-Power · Published 2025-04-29 · Updated 2025-05-02 · CVE-2025-46347

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: YesWiki versions prior to 4.5.4

Description: YesWiki, a wiki system written in PHP, is susceptible to remote code execution. This issue arises from an arbitrary file write capability, which can be exploited to create a file with a PHP extension. An attacker can then browse to this file, executing arbitrary code on the server and potentially leading to a full server compromise. This exploitation could occur unintentionally through user actions.

Recommendations: For versions prior to 4.5.4, update to version 4.5.4 to resolve the issue.

Exploit

Fix

RCE

Improper Encoding or Escaping of Output

Weakness Enumeration

Related Identifiers

CVE-2025-46347
GHSA-88XG-V53P-FPVF

Affected Products

Yeswiki