Vulnerability Details CVE-2009-4088
Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.136
EPSS Ranking 93.9%
CVSS Severity
CVSS v2 Score 6.8
References
- http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/
- http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt
- http://secunia.com/advisories/37391
- http://www.exploit-db.com/exploits/9483
- http://www.osvdb.org/60216
- http://www.osvdb.org/60217
- http://www.osvdb.org/60218
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54327
- http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/
- http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt
- http://secunia.com/advisories/37391
- http://www.exploit-db.com/exploits/9483
- http://www.osvdb.org/60216
- http://www.osvdb.org/60217
- http://www.osvdb.org/60218
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54327
Products affected by CVE-2009-4088
-
cpe:2.3:a:telepark:telepark.wiki:*