Vulnerability Details CVE-2008-3371
Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.068
EPSS Ranking 90.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://securityreason.com/securityalert/4067
- http://www.packetstormsecurity.org/0907-exploits/talkback-lfiexec.txt
- http://www.scripts.oldguy.us/talkback/release-notes.html
- http://www.securityfocus.com/bid/30393
- http://www.vupen.com/english/advisories/2008/2211/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44018
- https://www.exploit-db.com/exploits/6148
- https://www.exploit-db.com/exploits/6451
- https://www.exploit-db.com/exploits/9095
- http://securityreason.com/securityalert/4067
- http://www.packetstormsecurity.org/0907-exploits/talkback-lfiexec.txt
- http://www.scripts.oldguy.us/talkback/release-notes.html
- http://www.securityfocus.com/bid/30393
- http://www.vupen.com/english/advisories/2008/2211/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44018
- https://www.exploit-db.com/exploits/6148
- https://www.exploit-db.com/exploits/6451
- https://www.exploit-db.com/exploits/9095