CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
90.2%
Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
securityreason.com/securityalert/4067
www.packetstormsecurity.org/0907-exploits/talkback-lfiexec.txt
www.scripts.oldguy.us/talkback/release-notes.html
www.securityfocus.com/bid/30393
www.vupen.com/english/advisories/2008/2211/references
exchange.xforce.ibmcloud.com/vulnerabilities/44018
www.exploit-db.com/exploits/6148
www.exploit-db.com/exploits/6451
www.exploit-db.com/exploits/9095