Lucene search

[email protected]CVE-2009-4874

HistoryMay 26, 2010 - 6:30 p.m.

CVE-2009-4874

2010-05-2618:30:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2009-4874

talkback

edit comment

comments.php

remote attackers

vulnerability

7.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.009 Low

EPSS

Percentile

82.3%

JSON

TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments.

CPENameOperatorVersion
scripts.oldguy:talkbackscripts.oldguy talkbackeq2.3.14

CPE	Name	Operator	Version
scripts.oldguy:talkback	scripts.oldguy talkback	eq	2.3.14

References

osvdb.org/55745

secunia.com/advisories/35735

www.exploit-db.com/exploits/9095

www.juniper.net/security/auto/vulnerabilities/vuln35619.html

www.packetstormsecurity.org/0907-exploits/talkback-lfiexec.txt

www.securityfocus.com/bid/35619

7.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.009 Low

EPSS

Percentile

82.3%

JSON

Related for CVE-2009-4874

prion1 cvelist1