
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2025-24019

Severity High
Score 7.1/10

Summary

YesWiki is a wiki system written in PHP. In yeswiki/yeswiki versions through 4.4.5, any authenticated user can, through the file manager, delete any file owned by the user running the FastCGI Process Manager (FPM) on the host, with no limitation on the filesystem scope. This vulnerability allows any authenticated user to arbitrarily remove content from the wiki, resulting in partial loss of data and defacement or deterioration of the website. In an unmodified container installation of YesWiki, the `yeswiki` files (for example the .php files) are owned by a different user (root) than the one running the FPM process (www-data). In a standard installation, however, www-data may also own the PHP files, allowing a malicious user to completely cut off access to the wiki by deleting all important PHP files (such as `index.php` or YesWiki's core files).

CVSS v3 base metrics (score 7.1, vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H):

  • Attack Complexity: LOW
  • Attack Vector: NETWORK
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • User Interaction: NONE
  • Integrity: LOW
  • Confidentiality: NONE
  • Availability: HIGH

CWE-22 - Path Traversal

Path traversal (or directory traversal) is a vulnerability that allows malicious users to escape the application's intended directory and reach arbitrary files and folders on the server, such as application code and data, back-end credentials, and sensitive operating system files. In the worst case, an attacker could execute or destroy arbitrary files on the server, resulting in a denial of service. Such an exploit may severely impact the integrity, confidentiality, and availability of an application.
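The following is an added example, not YesWiki's own code, illustrating both the file-manager deletion described in the summary above and the general CWE-22 pattern: a delete handler that joins a user-supplied name onto a directory without normalisation, next to a hardened version that canonicalises the path and refuses anything outside the allowed directory. The function names `deleteUploadUnsafe()` and `deleteUpload()`, the `$uploadsDir` parameter and the temporary file layout are all assumptions made for the illustration.

```php
<?php
// Added example (not YesWiki code): confining a file-manager "delete"
// operation to a single directory. deleteUploadUnsafe(), deleteUpload()
// and $uploadsDir are illustrative names, not YesWiki identifiers.

declare(strict_types=1);

// Vulnerable pattern: the user-controlled name is concatenated onto the
// uploads directory as-is, so a name such as "../index.php" escapes it and
// the web-server user (e.g. www-data) can delete any file it owns.
function deleteUploadUnsafe(string $uploadsDir, string $name): bool
{
    return unlink($uploadsDir . '/' . $name);
}

// Hardened pattern: canonicalise both paths and require the target to sit
// strictly inside the allowed directory before touching the filesystem.
function deleteUpload(string $uploadsDir, string $name): bool
{
    $base = realpath($uploadsDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('uploads directory is not available');
    }
    // Reject NUL bytes outright: they truncate paths in C-level calls.
    if (strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('invalid file name');
    }
    // realpath() resolves "..", symlinks and repeated separators, and
    // returns false when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($target === false) {
        return false; // nothing to delete; no detail about why is leaked
    }
    // Prefix check including the trailing separator, so that a sibling
    // directory such as "/srv/uploads-old" is not accepted as being
    // inside "/srv/uploads".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        error_log('path traversal attempt blocked: ' . $name);
        throw new InvalidArgumentException('file is outside the uploads directory');
    }
    if (!is_file($target)) {
        throw new InvalidArgumentException('not a regular file');
    }
    return unlink($target);
}

// Self-contained demonstration on a constructed temporary layout:
//   <root>/index.php            stand-in for a core application file
//   <root>/uploads/report.pdf   a legitimate upload
$root = sys_get_temp_dir() . '/traversal-demo-' . bin2hex(random_bytes(4));
mkdir("$root/uploads", 0700, true);
file_put_contents("$root/index.php", "<?php // constructed stand-in for a core file\n");
file_put_contents("$root/uploads/report.pdf", "constructed upload\n");

$attempts = ['report.pdf', '../index.php', 'does-not-exist.txt'];
foreach ($attempts as $name) {
    try {
        $ok = deleteUpload("$root/uploads", $name);
        printf("%-20s -> %s\n", $name, $ok ? 'deleted' : 'not found');
    } catch (InvalidArgumentException $e) {
        printf("%-20s -> rejected (%s)\n", $name, $e->getMessage());
    }
}

// index.php survives the traversal attempt; only uploads/report.pdf is gone.
printf("index.php still present: %s\n", file_exists("$root/index.php") ? 'yes' : 'no');
printf("report.pdf still present: %s\n", file_exists("$root/uploads/report.pdf") ? 'yes' : 'no');

// Clean up the constructed layout.
@unlink("$root/uploads/report.pdf");
@unlink("$root/index.php");
@rmdir("$root/uploads");
@rmdir($root);
```

Two design points worth keeping in mind: `realpath()` only validates paths that already exist, which is sufficient for deletion but not for a create or rename operation, where the parent directory rather than the final path has to be canonicalised and checked; and the prefix comparison must include the directory separator, otherwise a sibling directory whose name merely starts with the allowed one passes the check. Confining the operation in code complements, rather than replaces, the ownership separation mentioned in the summary: when the PHP files are not owned by the FPM user, a traversal bug in the file manager can at most remove files that user owns.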

Advisory Timeline

  • Published