CVE-2025-31131 Information

Description

YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.

Reference

https://github.com/YesWiki/yeswiki/commit/f78c915369a60c74ab8f38561ae93a4aaca9b989 https://github.com/YesWiki/yeswiki/security/advisories/GHSA-w34w-fvp3-68xm