cpe:/a:telepark:telepark.wiki:2.4.23 CVE-2009-4088 2009-11-29T08:07:34.843-05:00 2017-08-16T21:31:25.773-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-11-30T09:45:00.000-05:00 SECUNIA 37391 OSVDB 60216 OSVDB 60217 OSVDB 60218 EXPLOIT-DB 9483 CONFIRM http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/ MISC http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt XF teleparkwiki-multiple-file-include(54327) Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php.