Telepark.wiki Multiple Vulnerabilities

Summary
This host is running Telepark wiki and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to conduct cross-site scripting attacks, bypass certain security restrictions, disclose sensitive information, and compromise a vulnerable system.
Impact Level: System/Application
Solution
Upgrade to Telepark.wiki version 2.4.25 or later: http://www.telepark.com/Products/telepark-wiki/Download/
Insight
The multiple flaws are due to:
- Input appended to the URL after 'index.php' is not properly sanitised before being returned to the user.
- An improper authentication verification error in '/ajax/deletePage.php' can be exploited to delete pages without any user credentials.
- An improper authentication verification error in '/ajax/deleteComment.php' can be exploited to delete comments without any user credentials.
- Input passed via various parameters to multiple scripts is not properly verified before being used to include files.
- An error in the '/ajax/addComment.php' script, which does not properly verify uploaded files.
Affected
Telepark.wiki versions prior to 2.4.25 on all platforms