Telepark.wiki Security Vulnerabilities and Issues — Telepark.wiki CVE List

Lucene search

TeleparkTelepark.wiki

4 matches found

CVE•added 2009/11/29 1:7 p.m.•42 views

CVE-2009-4089

telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php.

5CVSS6.8AI score0.0775EPSS

CVE•added 2009/11/29 1:7 p.m.•39 views

CVE-2009-4090

Unrestricted file upload vulnerability in ajax/addComment.php in telepark.wiki 2.4.23 and earlier script allows remote attackers to execute arbitrary code by uploading a file with a name containing a NULL byte.

7.5CVSS7.7AI score0.03019EPSS

CVE•added 2009/11/29 1:7 p.m.•31 views

CVE-2009-4087

Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki 2.4.23 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3CVSS5.7AI score0.00329EPSS

CVE•added 2009/11/29 1:7 p.m.•30 views

CVE-2009-4088

Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter ...

6.8CVSS7.2AI score0.13575EPSS