CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
76.8%
Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php.
Vendor | Product | Version | CPE |
---|---|---|---|
telepark | telepark.wiki | * | cpe:2.3:a:telepark:telepark.wiki:*:*:*:*:*:*:*:* |
blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/
packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt
secunia.com/advisories/37391
www.exploit-db.com/exploits/9483
www.osvdb.org/60216
www.osvdb.org/60217
www.osvdb.org/60218
exchange.xforce.ibmcloud.com/vulnerabilities/54327