Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) config[comments_form_tpl] parameter to comments-display-tpl.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Talkback | Talkback | 2.2.7 |
Related Weaknesses (CWE)
References
- http://osvdb.org/38815
- http://osvdb.org/38816
- http://secunia.com/advisories/27767 (Vendor Advisory)
- http://www.scripts.oldguy.us/forums/index.php/topic%2C290.0.html
- http://www.securityfocus.com/archive/1/484045/100/0/threaded
- http://www.securityfocus.com/archive/1/485662/100/100/threaded
- http://www.securityfocus.com/bid/26520
- http://www.vupen.com/english/advisories/2007/3963
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38596
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38597
- https://www.exploit-db.com/exploits/4640
FAQ
What is CVE-2007-6105?
CVE-2007-6105 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php a...
How severe is CVE-2007-6105?
CVE-2007-6105 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-6105?
Check the references section above for vendor advisories and patch information. Affected products include: Talkback Talkback.