CVE-2025-31131 Scanner
CVE-2025-31131 Scanner - Path Traversal vulnerability in Yeswiki
Short Info
Level
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 23 days 8 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
Yeswiki is an open-source wiki system widely used by communities and organizations for collaborative content creation and management. Developed in PHP, this software serves as a versatile platform allowing users to easily create, edit, and share information across teams or user groups. Its user-friendly interface and robust functionality make it ideal for educational institutions, small businesses, and non-profit organizations looking for a cost-effective content management solution. The software is typically hosted on web servers, facilitating remote access and cooperative work among geographically dispersed users. As an evolving platform, contributions from its community help to continually improve and secure the system. Regular updates and an active community contribute to Yeswiki's reputation as a reliable tool for knowledge sharing.
Path Traversal, also known as directory traversal, is a common web vulnerability that allows an attacker to access directories and files stored outside the intended directory. This vulnerability occurs when user input is not properly validated and filtered, enabling unauthorized file reads through crafted requests. Exploiting this weakness, an attacker can navigate the server's directory structure outside the web root directory, potentially accessing sensitive system files like '/etc/passwd'. This can lead to information disclosure, as the attacker gains insight into the directory and file structure, user data, and other critical information stored on the server. Such vulnerabilities often result from inadequate security practices and failure to sanitize user inputs properly.
The vulnerability in Yeswiki involves the 'squelette' parameter, which is susceptible to path traversal attacks. Specifically, an attacker can manipulate this parameter to construct a URL that navigates outside the intended directory, allowing them to access sensitive files on the server. For instance, an HTTP GET request constructed with multiple '../' sequences can target critical files such as '/etc/passwd', revealing potentially sensitive information. Security misconfigurations and lack of input validation are key factors contributing to this issue. The attack does not require authentication, making it particularly dangerous, as any remote user could exploit this flaw.
Exploitation of the path traversal vulnerability could have severe effects, including unauthorized access to sensitive data, such as user credentials and system configurations. This access can facilitate further attacks, such as privilege escalation or lateral movement within the server environment. Additionally, exposure of critical files like '/etc/passwd' provides attackers with valuable information that could be used for user impersonation or social engineering attacks. As a result, the integrity and confidentiality of the affected systems and networks are compromised, potentially leading to data breaches and loss of trust.
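A defender-side check for the pattern described above, as an added example (not code from the original page or from the Yeswiki project): it scans web access log lines for requests whose 'squelette' parameter decodes to a traversal path, including double-encoded input. The combined log format, the request paths, the template name and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line and status code of a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines; paths, template name and addresses are illustrative only.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Apr/2025:10:00:01 +0000] "GET /?SomePage&squelette=default.tpl.html HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Apr/2025:10:00:05 +0000] "GET /?SomePage&squelette=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1432',
    '198.51.100.4 - - [01/Apr/2025:10:00:09 +0000] "GET /?SomePage&squelette=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 310',
    '198.51.100.5 - - [01/Apr/2025:10:00:12 +0000] "GET /?SomePage&theme=example HTTP/1.1" 200 4000',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value climbs directories, is absolute, or holds a NUL byte."""
    norm = fully_decode(value).replace("\\", "/")
    return ".." in norm.split("/") or norm.startswith("/") or "\x00" in norm

def suspicious_squelette(log_lines):
    """Return (client_ip, status, decoded_value) for traversal attempts via 'squelette'."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl performs the first round of percent-decoding.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == "squelette" and is_traversal(value):
                hits.append((line.split()[0], int(match.group(2)), fully_decode(value)))
    return hits

if __name__ == "__main__":
    for ip, status, value in suspicious_squelette(SAMPLE_LOG):
        print(f"{ip} status={status} squelette={value!r}")
```

A hit that was answered with status 200 deserves triage first, since the server may have returned file contents.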