cvebase

Talkback vulnerabilities

4 known vulnerabilities affecting talkback/talkback.

Total CVEs: 4
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 2

Vulnerabilities

CVE-2008-3371 | P3 | HIGH | CVSS 7.5 | PoC | v2.3.5 | 2008-07-30
CWE-22: Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
Source: nvd
CVE-2008-4346 | P3 | HIGH | CVSS 7.5 | PoC | v2.3.6, v2.3.6.4 | 2008-09-30
Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to comments.php, a different vector than CVE-2008-3371.
Source: nvd
CVE-2007-6105 | P3 | MEDIUM | CVSS 6.8 | PoC | v2.2.7 | 2007-11-23
CWE-94: Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) config[comments_form_tpl] parameter to comments-display-tpl.php.
Source: nvd
CVE-2008-4115 | P4 | MEDIUM | CVSS 5.0 | PoC | v2.3.6 | 2008-09-16
CWE-200: TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function.
Source: nvd