HIGH🇵🇱 Wersja polska

CVE-2025-31131

CVSS 8.6v3.1pub. 2025-04-01upd. 2025-05-09

YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  • Yeswiki

    APP
    Yeswiki
    < 4.5.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2025-46348CRITICAL10.0PL ✓ten sam produkt

YesWiki — pominięcie uwierzytelnienia przy tworzeniu i pobieraniu kopii zapasowej

CVE-2024-51478CRITICAL9.9PL ✓ten sam produkt

YesWiki: słaby algorytm kryptograficzny umożliwia reset hasła dowolnego konta

CVE-2018-1000641CRITICAL9.8ten sam produkt

YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user en...

CVE-2026-34598HIGH7.1ten sam produkt

YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists i...

CVE-2025-46349HIGH7.6ten sam produkt

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the...