CVE-2025-31131

Published Apr 1, 2025

Last updated a year ago

CVSS high 8.6
PHP
YesWiki

Overview

Description: YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.
Source: security-advisories@github.com
NVD status: Analyzed
Products: yeswiki

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

security-advisories@github.com
CWE-22

Social media

Hype score
Not currently trending
  1. Seeing some exploit attempts for a new YesWiki vulnerability (CVE-2025-31131). A couple of days after @wgujjer11's disclosure and PoC exploit were published. However, this exploit should not work as exploited by the attacker in this case. It is just a file read/write issue. the

    @sans_isc

    10 Apr 2025

    1659 Impressions

    3 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Yeswiki : Unauthenticated Path Traversal CVE-2025-31131 Severity : Critical Exploit : https://t.co/ryngTq4TW7 Reference : https://t.co/VzarJlWTkM #bugbounty #CVE2025_31131 #YesWiki #PathTraversal https://t.co/ftFb0vSWyQ

    @wgujjer11

    4 Apr 2025

    6617 Impressions

    58 Retweets

    244 Likes

    111 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2025-31131 - high 🚨 Yeswiki < 4.5.2 - Unauthenticated Path Traversal > YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to pat... 👾 https://t.co/TVNNEverdO @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    4 Apr 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-31131 YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This … https://t.co/WndInZ9fgR

    @CVEnew

    2 Apr 2025

    294 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. [CVE-2025-31131: HIGH] YesWiki PHP wiki system had a path traversal vulnerability in the squelette parameter, allowing unauthorized access to server files. Update to version 4.5.2 to fix this security flaw. #cybersecurity, #vulnerability https://t.co/ihq0Tegy84 https://t.co/6fQA8UE

    @CveFindCom

    1 Apr 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations