Lucene search

MitreCVE-2009-4088

HistoryNov 29, 2009 - 1:07 p.m.

CVE-2009-4088

2009-11-2913:07:34

CWE-22

mitre

web.nvd.nist.gov

cve-2009-4088

telepark.wiki

directory traversal

vulnerabilities

remote attack

arbitrary files

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.005

Percentile

76.8%

JSON

Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php.

Affected configurations

Nvd

Node

teleparktelepark.wikiRange≤2.4.23

VendorProductVersionCPE
teleparktelepark.wiki*cpe:2.3:a:telepark:telepark.wiki:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
telepark	telepark.wiki	*	cpe:2.3:a:telepark:telepark.wiki::::::::

References

blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/

packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt

secunia.com/advisories/37391

www.exploit-db.com/exploits/9483

www.osvdb.org/60216

www.osvdb.org/60217

www.osvdb.org/60218

exchange.xforce.ibmcloud.com/vulnerabilities/54327

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.005

Percentile

76.8%

JSON

Related for CVE-2009-4088