Vulnerability Details CVE-2024-51478
YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.7%
CVSS Severity
CVSS v3 Score 9.9
References
Products affected by CVE-2024-51478
-
cpe:2.3:a:yeswiki:yeswiki:-
-
cpe:2.3:a:yeswiki:yeswiki:4.1.0
-
cpe:2.3:a:yeswiki:yeswiki:4.1.1
-
cpe:2.3:a:yeswiki:yeswiki:4.1.2
-
cpe:2.3:a:yeswiki:yeswiki:4.1.3
-
cpe:2.3:a:yeswiki:yeswiki:4.1.4
-
cpe:2.3:a:yeswiki:yeswiki:4.1.5
-
cpe:2.3:a:yeswiki:yeswiki:4.2.0
-
cpe:2.3:a:yeswiki:yeswiki:4.2.1
-
cpe:2.3:a:yeswiki:yeswiki:4.2.2
-
cpe:2.3:a:yeswiki:yeswiki:4.2.3
-
cpe:2.3:a:yeswiki:yeswiki:4.2.4
-
cpe:2.3:a:yeswiki:yeswiki:4.3.0
-
cpe:2.3:a:yeswiki:yeswiki:4.3.1