CVE-2007-6105

TalkBack 2.2.7 - Remote Code Execution via PHP File Inclusion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6105. PoCs published by NoGe.

AI-analyzed exploit summary The exploit demonstrates a remote file inclusion vulnerability in TalkBack 2.2.7, where the 'language_file' and 'config[comments_form_tpl]' parameters in specific PHP files are not properly sanitized, allowing remote code execution via crafted HTTP requests.

Description

Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) config[comments_form_tpl] parameter to comments-display-tpl.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by NoGe · textwebappsphp

https://www.exploit-db.com/exploits/4640

View Code ZIP pw:eip

The exploit demonstrates a remote file inclusion vulnerability in TalkBack 2.2.7, where the 'language_file' and 'config[comments_form_tpl]' parameters in specific PHP files are not properly sanitized, allowing remote code execution via crafted HTTP requests.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: TalkBack version 2.2.7

No auth needed

Prerequisites: Access to the vulnerable PHP files via HTTP · Ability to host or reference malicious PHP code

MITRE ATT&CK