CVE-2024-51478
CVSS V2 None
CVSS V3 None
Description
YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5.
Overview
- CVE ID
- CVE-2024-51478
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-10-31T16:15:46.811Z
- Last Modified Date
- 2024-10-31T16:51:13.578Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/YesWiki/yeswiki/security/advisories/GHSA-4fvx-h823-38v3 | x_refsource_CONFIRM |
https://github.com/YesWiki/yeswiki/commit/b5a8f93b87720d5d5f033a4b3a131ce0fb621dbc | x_refsource_MISC |
https://github.com/YesWiki/yeswiki/commit/e1285709f6f6a2277bd0075acf369f33cefd78f7 | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-51478 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51478 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-11-01 13:06:17 | Added to TrackCVE |