cbcvebase.

Telepark Telepark.Wiki vulnerabilities

4 known vulnerabilities affecting telepark/telepark.wiki.

Total CVEs
4
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2009-4088P3MEDIUMCVSS 6.8PoC≤ 2.4.232009-11-29
CVE-2009-4088 [MEDIUM] CWE-22 CVE-2009-4088: Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attack Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php.
nvd
CVE-2009-4089P3MEDIUMCVSS 5.0PoCv2.4.232009-11-29
CVE-2009-4089 [MEDIUM] CWE-287 CVE-2009-4089: telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbi telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php.
nvd
CVE-2009-4090P3HIGHCVSS 7.5≤ 2.4.232009-11-29
CVE-2009-4090 [HIGH] CWE-20 CVE-2009-4090: Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier sc Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier script allows remote attackers to execute arbitrary code by uploading a file with a name containing a NULL byte.
nvd
CVE-2009-4087P4MEDIUMCVSS 4.3≤ 2.4.232009-11-29
CVE-2009-4087 [MEDIUM] CWE-79 CVE-2009-4087: Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows rem Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
nvd
Telepark Telepark.Wiki vulnerabilities | cvebase