2 matches found
CVE-2009-4874
TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments.
CVE-2009-4854
addons/import.php in TalkBack 2.3.14 allows remote attackers to execute arbitrary commands via the result parameter.