Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2007-6105
Last Modified: 07 Mar 2011 10:01:47
Published: 23 Nov 2007 03:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-6105

Summary

Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) config[comments_form_tpl] parameter to comments-display-tpl.php.

Vulnerable Systems

Application

  • TalkBack 2.2.7


References

XF - talkback-mycommentsdisplaytpl-file-include(38597)

XF - talkback-commentsdisplaytpl-file-include(38596)

VUPEN - ADV-2007-3963

BID - 26520

BUGTRAQ - 20071227 Re: TalkBack 2.2.7 Multiple Remote File Inclusion Vulnerabilities

BUGTRAQ - 20071121 TalkBack 2.2.7 Multiple Remote File Inclusion Vulnerabilities

CONFIRM - http://www.scripts.oldguy.us/forums/index.php/topic,290.0.html

MILW0RM - 4640

SECUNIA - 27767

OSVDB - 38816

OSVDB - 38815


Last Updated: 27 May 2016 10:46:22