YesWiki
cpe:2.3:a:yeswiki:yeswiki:*:*:*:*:*:*:*
- <= 4.5.1
A path traversal vulnerability has been identified in YesWiki versions through 4.5.1. The issue arises in the Theme Manager service, where the 'squelette' parameter can be manipulated to access arbitrary files on the server. This vulnerability allows attackers to read sensitive files, such as configuration files containing database passwords.
Exploitation of this vulnerability allows for unauthorized access to sensitive files, including configuration data, passwords, and other critical information, leading to a complete loss of confidentiality.
To reproduce this vulnerability, send a request to the YesWiki application with the 'squelette' parameter set to a path traversal payload, such as '../../../../../../etc/passwd'. The response will include the contents of the requested file, demonstrating the successful exploitation of the path traversal vulnerability.
Users can upgrade to YesWiki version 4.5.2 or later, where this vulnerability has been fixed.
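As an added example (not YesWiki's own code, and not from the advisory), the two defensive checks a practitioner would want around a bug of this class: a skeleton resolver that confines the 'squelette' value to the themes directory, and a scan over web-server access-log lines that flags requests carrying traversal sequences in that parameter. The themes directory layout, the `*.tpl.html` naming pattern, the combined log format and the sample log lines are all constructed assumptions for illustration.

```python
import os
import re
import tempfile
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed naming convention for skeleton files; YesWiki's real layout is not
# described on the page, so this pattern is an illustration only.
SKELETON_NAME_RE = re.compile(r"[A-Za-z0-9_.-]+\.tpl\.html")


def make_sample_themes_root() -> str:
    """Create a throwaway themes directory holding one constructed skeleton file."""
    root = tempfile.mkdtemp(prefix="themes_")
    with open(os.path.join(root, "default.tpl.html"), "w", encoding="utf-8") as fh:
        fh.write("<html><!-- constructed sample skeleton --></html>\n")
    return root


def resolve_skeleton(themes_root: str, squelette: str) -> Optional[str]:
    """Map a user-supplied skeleton name to a file inside themes_root.

    Returns the resolved path, or None when the value is not a plain file
    name, escapes the themes directory (also via symlinks), or does not exist.
    """
    # First line of defence: accept only a bare file name in the expected shape
    # (no separators, no percent-encoding, no parent references).
    if not SKELETON_NAME_RE.fullmatch(squelette):
        return None
    root = os.path.realpath(themes_root)
    candidate = os.path.realpath(os.path.join(root, squelette))
    # Second line of defence: the canonical path must still sit under the root.
    if os.path.commonpath([root, candidate]) != root:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


# Request field of an Apache/nginx combined-format log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def has_traversal(value: str) -> bool:
    """True when any path segment of the parameter value is '..'.

    parse_qs has already decoded the value once; decoding once more catches
    double-encoded payloads such as %252e%252e%252f.
    """
    decoded = unquote(value)
    segments = re.split(r"[\\/]", decoded)
    return ".." in segments


def flag_traversal_requests(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (log line, raw squelette value) pairs for requests carrying traversal."""
    hits: List[Tuple[str, str]] = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        params = parse_qs(query, keep_blank_values=True)
        for value in params.get("squelette", []):
            if has_traversal(value):
                hits.append((line, value))
    return hits


# Constructed access-log lines (not real traffic); the second carries the
# payload quoted in the advisory, the third a double-encoded variant of it.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /?squelette=default.tpl.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /?squelette=../../../../../../etc/passwd HTTP/1.1" 200 1024',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /?squelette=..%252F..%252Fetc%252Fpasswd HTTP/1.1" 200 2048',
    '203.0.113.11 - - [01/Jan/2024:10:00:03 +0000] "GET /?page=home HTTP/1.1" 200 300',
]


if __name__ == "__main__":
    themes = make_sample_themes_root()
    print("legit  :", resolve_skeleton(themes, "default.tpl.html"))
    print("blocked:", resolve_skeleton(themes, "../../../../../../etc/passwd"))
    for _line, value in flag_traversal_requests(SAMPLE_LOG):
        print("traversal attempt in squelette:", value)
```

The resolver keeps both checks on purpose: the name pattern stops traversal and encoding tricks before any filesystem call, and the `realpath` containment check covers what the pattern cannot see, such as a symlink inside the themes directory pointing elsewhere. The log scan is a starting point for a detection rule; on a patched 4.5.2 deployment a hit still tells you someone is probing for this bug.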