AI description
CVE-2025-31131 is a path traversal vulnerability affecting YesWiki, a PHP-based wiki system. The vulnerability exists in the 'squelette' parameter, which is susceptible to path traversal attacks. By manipulating this parameter, attackers can gain unauthorized read access to arbitrary files on the server. This vulnerability allows an attacker to access sensitive files, potentially exposing configuration data, passwords, database records, log data, source code, and program scripts. This can lead to a complete loss of confidentiality. The vulnerability affects YesWiki versions prior to 4.5.2.
- Description: YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.
- Source: security-advisories@github.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 8.6
- Impact score: 4
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
- Severity: HIGH
- security-advisories@github.com: CWE-22
- Hype score: Not currently trending
Seeing some exploit attempts for a new YesWiki vulnerability (CVE-2025-31131). A couple of days after @wgujjer11's disclosure and PoC exploit were published. However, this exploit should not work as exploited by the attacker in this case. It is just a file read/write issue. the
@sans_isc
10 Apr 2025
Yeswiki : Unauthenticated Path Traversal CVE-2025-31131 Severity : Critical Exploit : https://t.co/ryngTq4TW7 Reference : https://t.co/VzarJlWTkM #bugbounty #CVE2025_31131 #YesWiki #PathTraversal https://t.co/ftFb0vSWyQ
@wgujjer11
4 Apr 2025
🚨 CVE-2025-31131 - high 🚨 Yeswiki < 4.5.2 - Unauthenticated Path Traversal > YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to pat... 👾 https://t.co/TVNNEverdO @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
4 Apr 2025
CVE-2025-31131 YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This … https://t.co/WndInZ9fgR
@CVEnew
2 Apr 2025
[CVE-2025-31131: HIGH] YesWiki PHP wiki system had a path traversal vulnerability in the squelette parameter, allowing unauthorized access to server files. Update to version 4.5.2 to fix this security flaw. #cybersecurity, #vulnerability https://t.co/ihq0Tegy84 https://t.co/6fQA8UE
@CveFindCom
1 Apr 2025