Description
addons/import.php in TalkBack 2.3.14 allows remote attackers to execute arbitrary commands via the result parameter.
Exploits (1)
References (5)
Core 5
Core References
Various Sources x_refsource_misc
http://www.juniper.net/security/auto/vulnerabilities/vuln35619.html
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35619
Exploit x_refsource_misc
http://www.packetstormsecurity.org/0907-exploits/talkback-lfiexec.txt
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/9095
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/58705
Scores
EPSS
0.0436
EPSS Percentile
89.0%
Details
CWE
CWE-20
Status
published
Products (1)
scripts.oldguy/talkback
2.3.14
Published
May 07, 2010
Tracked Since
Feb 18, 2026