Directory traversal

2008-09-3018:15:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.3%

JSON

Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the language parameter to comments.php, a different vector than CVE-2008-3371.

CPENameOperatorVersion
talkbackeq2.3.6
talkbackeq2.3.6.4

CPE	Name	Operator	Version
	talkback	eq	2.3.6
	talkback	eq	2.3.6.4

References

secunia.com/advisories/31879

securityreason.com/securityalert/4267

www.securityfocus.com/bid/31164

www.vupen.com/english/advisories/2008/2565

exchange.xforce.ibmcloud.com/vulnerabilities/45102

www.exploit-db.com/exploits/6451