9.9

CVE-2024-51478

Exploit

EPSS 0.15%
Published 31.10.2024 17:15:13
Last modified 09.05.2025 14:06:43
Source security-advisories@github.com
Teams watchlist Login
Open Login

YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Yeswiki ≫ Yeswiki Version < 4.4.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.364

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
security-advisories@github.com	9.9	3.9	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://github.com/YesWiki/yeswiki/commit/b5a8f93b87720d5d5f033a4b3a131ce0fb621dbc

Patch

https://github.com/YesWiki/yeswiki/commit/e1285709f6f6a2277bd0075acf369f33cefd78f7

Patch

https://github.com/YesWiki/yeswiki/security/advisories/GHSA-4fvx-h823-38v3

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-51478

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-51478

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-51478

EUVD