CVE-2025-46347

YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which can then be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of the server. This could potentially be performed unwittingly by a user. This issue has been patched in version 4.5.4.


We have discovered 67 live websites that are affected by CVE-2025-46347.





Affected Software

Product  YesWiki
Category Wikis
Vulnerable Domains  67 live websites (37% of YesWiki install base)
Vulnerable Versions
  • from 0 through 4.5.4
Vulnerable Versions Count  10 versions (63% of all versions)


Common Weakness Enumeration

CWE-116 Improper Encoding or Escaping of Output



Details

  • Published - Apr 29, 2025
  • Updated - Apr 29, 2025

Website Distribution by Country

Number of websites affected by CVE-2025-46347
  • France: 58 websites
  • Switzerland: 4 websites
  • Germany: 4 websites
  • Italy: 1 website

Website Distribution by TLD

Number of websites affected by CVE-2025-46347
  • .fr: 29 websites
  • .org: 22 websites
  • .net: 5 websites
  • .be: 4 websites
  • .info: 1 website

Websites affected by CVE-2025-46347

Top websites that are affected by CVE-2025-46347.

FAQ

  • CVE-2025-46347 is an Improper Encoding or Escaping of Output weakness in YesWiki.
  • A total of 67 websites have been identified as vulnerable to CVE-2025-46347, based on global website indexing conducted by WebTechSurvey.
  • YesWiki is affected by the CVE-2025-46347 vulnerability.
  • YesWiki versions up to 4.5.4 are vulnerable to CVE-2025-46347.
  • CVE-2025-46347 is resolved in version 4.5.4 of YesWiki.