CVE-2008-3371

TalkBack <2.3.6.2 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in install/help.php in TalkBack 2.3.5, and other versions before 2.3.6.2, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.

Exploits (3)

exploitdb WORKING POC VERIFIED

by SirGod · textwebappsphp

https://www.exploit-db.com/exploits/6451

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by JIKO · textwebappsphp

https://www.exploit-db.com/exploits/9095

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by NoGe · textwebappsphp

https://www.exploit-db.com/exploits/6148

View Code ZIP pw:eip

References (9)

[Exploit, Third Party Advisory] http://www.packetstormsecurity.org/0907-exploits/talkback-lfiexec.txt

[Various Sources] http://www.scripts.oldguy.us/talkback/release-notes.html

[Exploit] http://www.securityfocus.com/bid/30393

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/44018

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6148

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6451

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/9095

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/2211/references

[Third Party Advisory] http://securityreason.com/securityalert/4067

Scores

EPSS 0.0837

EPSS Percentile 92.2%

Classification

CWE

CWE-22

Status draft

Affected Products (1)

talkback/talkback

Timeline

Published Jul 30, 2008

Tracked Since Feb 18, 2026