← back
CVE-2025-31131

Path Traversal allowing arbitrary read of files in Yeswiki

CVSS 8.6 HIGHEPSS 5.4%CWE-22
YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Affected products
YesWiki · yeswiki
public PoCs found3
githubgithub.com/MuhammadWaseem29/CVE-2025-311311githubgithub.com/gmh5225/Blackash-CVE-2025-311310exploitdbwww.exploit-db.com/exploits/52135unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/YesWiki/yeswiki/commit/f78c915369a60c74ab8f38561ae93a4aaca9b989https://github.com/YesWiki/yeswiki/security/advisories/GHSA-w34w-fvp3-68xm