CVE-2025-31131

HIGH NUCLEI

Yeswiki < 4.5.2 - Unauthenticated Path Traversal

Title source: nuclei

Description

YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.

Exploits (3)

exploitdb WORKING POC

by Al Baradi Joy · textwebappsmultiple

https://www.exploit-db.com/exploits/52135

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by MuhammadWaseem29 · poc

https://github.com/MuhammadWaseem29/CVE-2025-31131

View Code ZIP pw:eip

nomisec WORKING POC

by gmh5225 · poc

https://github.com/gmh5225/Blackash-CVE-2025-31131

View Code ZIP pw:eip

Nuclei Templates (1)

Yeswiki < 4.5.2 - Unauthenticated Path Traversal

HIGHVERIFIEDby iamnoooob,rootxharsh,pdresearch

Shodan: html:"yeswiki"

References (2)

[Patch] https://github.com/YesWiki/yeswiki/commit/f78c915369a60c74ab8f38561ae93a4aaca9b989

[Exploit, Vendor Advisory] https://github.com/YesWiki/yeswiki/security/advisories/GHSA-w34w-fvp3-68xm

Scores

CVSS v3 8.6

EPSS 0.0824

EPSS Percentile 92.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (2)

yeswiki/yeswiki < 4.5.2

yeswiki/yeswiki 0 - 4.5.2Packagist

Published Apr 01, 2025

Tracked Since Feb 18, 2026