CVE-2009-4090

Name of the Vulnerable Software and Affected Versions telepark.wiki versions 2.4.23 and earlier

Description The issue allows remote attackers to execute arbitrary code by uploading a file with a name containing a NULL byte, due to an unrestricted file upload vulnerability in the ajax/addComment.php script.

Recommendations For versions 2.4.23 and earlier, consider restricting file uploads to only allow specific, validated file types, and ensure that file names are properly sanitized to prevent the use of NULL bytes. As a temporary workaround, consider disabling the file upload functionality in the ajax/addComment.php script until a proper fix is applied.