CVE-2009-4854
TalkBack 2.3.14 - Remote Code Execution via Import.php Result Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2009-4854. PoCs published by JIKO.
AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in TalkBack 2.3.14, including command injection via the 'result' parameter in 'import.php' and local file inclusion via the 'language' parameter in 'help.php'. The PoC provides clear instructions and code snippets for exploitation.
Description
addons/import.php in TalkBack 2.3.14 allows remote attackers to execute arbitrary commands via the result parameter.
Exploits (1)
This exploit demonstrates multiple vulnerabilities in TalkBack 2.3.14, including command injection via the 'result' parameter in 'import.php' and local file inclusion via the 'language' parameter in 'help.php'. The PoC provides clear instructions and code snippets for exploitation.