Lucene search

K
cve[email protected]CVE-2008-4346
HistorySep 30, 2008 - 6:15 p.m.

CVE-2008-4346

2008-09-3018:15:08
CWE-22
web.nvd.nist.gov
20
security
vulnerability
directory traversal
talkback 2.3.6
remote attackers
cve-2008-4346
nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.3%

Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the language parameter to comments.php, a different vector than CVE-2008-3371.

Affected configurations

NVD
Node
talkbacktalkbackMatch2.3.6
OR
talkbacktalkbackMatch2.3.6.4

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.3%

Related for CVE-2008-4346