CVE-2009-4088

telepark.wiki <2.4.23 - Path Traversal

Title source: llm

Description

Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by corelanc0d3r · perllocalwindows
https://www.exploit-db.com/exploits/9483
exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/10101

References (8)

Scores

EPSS 0.1523
EPSS Percentile 94.6%

Details

CWE
CWE-22
Status published
Products (1)
telepark/telepark.wiki < 2.4.23
Published Nov 29, 2009
Tracked Since Feb 18, 2026