CVE-2009-4088

high

Description

Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/54327

http://www.osvdb.org/60218

http://www.osvdb.org/60217

http://www.osvdb.org/60216

http://www.exploit-db.com/exploits/9483

http://secunia.com/advisories/37391

http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/

Details

Source: Mitre, NVD

Published: 2009-11-29

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.02796