CVE-2009-4088

telepark.wiki <2.4.23 - Path Traversal


Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-4088. PoCs published by corelanc0d3r.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in ProShow Gold 4.0 via a maliciously crafted .psh file. It leverages SEH overwrites and includes a Metasploit-generated shellcode payload to execute arbitrary code (e.g., calc.exe).

Description

Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by corelanc0d3r · perl · local · windows
https://www.exploit-db.com/exploits/9483

This exploit targets a buffer overflow vulnerability in ProShow Gold 4.0 via a maliciously crafted .psh file. It leverages SEH overwrites and includes a Metasploit-generated shellcode payload to execute arbitrary code (e.g., calc.exe).

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Photodex ProShow Gold 4.0
No auth needed
Prerequisites: Victim must open the malicious .psh file in ProShow Gold 4.0
devstral-2 · analyzed Feb 18, 2026
exploitdb WRITEUP
webapps · php
https://www.exploit-db.com/exploits/10101

This advisory details multiple vulnerabilities in Telepark Wiki <= v2.4.23, including remote command execution via file upload, local file inclusion leading to admin password disclosure, cross-site scripting, and unauthorized page/comment deletion. It provides code snippets, proof-of-concept URLs, and patch details.

Classification: Writeup 100%
Attack Type: RCE | Info Leak | XSS | Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Telepark Wiki <= v2.4.23
No auth needed
Prerequisites: Network access to the target application · Guest or unauthenticated access to the wiki
devstral-2 · analyzed Feb 19, 2026

References (8)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9483
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37391
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/60218
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54327
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/60216
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/60217

Scores

EPSS 0.0280
EPSS Percentile 84.5%

Details

CWE CWE-22
Status published
Products (1)
telepark/telepark.wiki < 2.4.23
Published Nov 29, 2009
Tracked Since Feb 18, 2026