CVE-2025-31131

Sažetak

YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.

Reference

https://github.com/YesWiki/yeswiki/commit/f78c915369a60c74ab8f38561ae93a4aaca9b989
https://github.com/YesWiki/yeswiki/security/advisories/GHSA-w34w-fvp3-68xm

CVSS

Base:	8.6
Impact:	4.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Zadnje važnije ažuriranje

01-04-2025 - 20:26

Objavljeno

01-04-2025 - 15:16