QwikSec

Security Database

CVE

CWE

Training

CVE-2009-4089

Published: Nov 27, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://blog.telepark.com/telepark-web-software/2009/11/09/telepark-wiki-security-fixes/

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_OSVDB

third-party-advisory

x_refsource_SECUNIA

teleparkwiki-page-comment-security-bypass(54329)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_OSVDB

http://packetstormsecurity.org/0911-exploits/Telepark-fixes-nov09-2.txt

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.