2 matches found
CVE-2009-4874
CVE-2009-4874 affects TalkBack 2.3.14 where the edit comment feature (comments.php) does not correctly enforce access control, allowing remote modification of comments. The root cause is insufficient access restrictions on the edit-comment functionality. Documents do not provide a confirmed patch...
CVE-2009-4854
CVE-2009-4854 affects TalkBack 2.3.14: addons/import.php accepts a result parameter that enables remote command execution. This is a server-side input handling flaw in the import routine (component/file: addons/import.php) that permits arbitrary commands to be executed by an attacker. The CVSS-de...