CVE-2024-51478 — CRITICAL (9.9)

Q: How severe is CVE-2024-51478?

CVE-2024-51478 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2024-51478?

Check the references section above for vendor advisories and patch information. Affected products include: Yeswiki Yeswiki.

Vulnerability Description

YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5.

CVSS Score

9.9

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Yeswiki	Yeswiki	< 4.4.5

Related Weaknesses (CWE)

CWE-327

References

FAQ

What is CVE-2024-51478?

CVE-2024-51478 is a vulnerability with a CVSS score of 9.9 (CRITICAL). YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the ...

How severe is CVE-2024-51478?

CVE-2024-51478 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-51478?

Check the references section above for vendor advisories and patch information. Affected products include: Yeswiki Yeswiki.