[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-6105Date: (C)2007-11-23   (M)2023-12-22


Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) config[comments_form_tpl] parameter to comments-display-tpl.php.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/484045/100/0/threaded
http://www.securityfocus.com/archive/1/485662/100/100/threaded
BID-26520
SECUNIA-27767
OSVDB-38815
OSVDB-38816
EXPLOIT-DB-4640
ADV-2007-3963
http://www.scripts.oldguy.us/forums/index.php/topic%2C290.0.html
talkback-commentsdisplaytpl-file-include(38596)
talkback-mycommentsdisplaytpl-file-include(38597)

CWE    1
CWE-94

© SecPod Technologies